Some inexplicable things are inserted into the web page. For some reason, https cannot be turned on. If you decide to use Content-Security-Policy.
This is the Content-Security-Policy configuration on the nginx server side
Then the browser checks that Font has been killed, and I don’t know what to do. 
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
服务器-->网络-->用户浏览器。 服务器没错,浏览器没错。网页被插入一些莫名其妙的东西,有人在在网络传输中插入和修改的数据(常见的有DNS劫持和HTTP流量劫持)。 而HTTP是明文协议,所以被劫持非常常见。
最后,你增加了一个控制的HTTP HEADER,别人也很容易删除它。至于你在题中附的图片,我看不太清,所以没有当做参考(后续使用HAR文件可能比较合适)。