https://en.wikipedia.org/api/rest_v1/page/mobile-html/Foobar doesn't load correctly yet because of CSP issues.
From Chrome DevTools console:
Comparing mobile-html CSP with the one from Parsoid
content-security-policy: default-src 'self'; object-src 'none'; media-src *; img-src *; style-src *; frame-ancestors 'self'
content-security-policy: default-src 'none'; media-src *; img-src *; style-src http://*.wikipedia.org https://*.wikipedia.org 'unsafe-inline';frame-ancestors 'self'
I think even if we used the Parsoid CSP header we would probably be missing the script-src one. We might need to set our own one, unless someone has a better idea.