Content-Security-Policy
Content-Security-Policy as the header name.
default-src
- options removed - is now 'unsafe-inline' and 'unsafe-eval'
default-src and disable-xss-protection - based on an intermediate version of the spec
allow instead of default-src, inline-script instead of disable-xss-protection