CSP used: <meta http-equiv="Content-Security-Policy" content="frame-src 'self' http:">
The links on this page work:
tel:1234
mailto:12@example.com