Fetch and analyze the Content-Security-Policy header — grade directives, spot gaps, get recommendations