Setup wizard, same as it reports PHP components availability and checks files permissions, it should check if scripts are properly run and warn if CSP is preventing execution.
osTicket requires Content-Security-Policy to include in directive script-src an 'unsafe-inline' value. Otherwise floating help does not work.
Alternatively to this feature, osTicket should support a strict CSP-SOP to website gets A+ rate by CSP public checkers.
