- Added full CSP header allowing WebAssembly, external scripts/styles, WebSocket connections
- Includes 'unsafe-eval' and 'unsafe-inline' for RDP functionality
- Allows CDN resources from jsdelivr and cloudflare
- Permits WebSocket connections for RDP protocol