No CSP violations observed in console.
DOM-scan: 0 inline <script> tags, 0 inline <style> tags, 1 element with inline event handler attribute.
The single inline-handler element is worth tracking down — strict CSP should reject it unless 'unsafe-inline' or a hash is present.
