Thank you for the quick reply, teppo.
So I’ll use only a meta-tag in the head of my template-files, instead writing a directive in PW’s .htaccess-file.
But I don’t understand, why CSP doesn’t make sense for the PW-backend. I tried it out by simply creating a (hardcoded) nonce for the described inline-script and the backend seems to work (on a basic level). Wouldn’t this (done with a real nonce, of course) improve PW’s security?