ContentSecurityPolicy: string | { [directive: string]: string | string[] | undefined | null }

A value for the Content-Security-Policy <meta> tag (or HTTP header). It can be the string value or (for convenience) it can be an object defining each policy directive separately; the values of this object can again be either a string, or (for convenience) an array of strings listing the individual sources separately (or a nullish value, equivalent to not including the directive).


* 'default-src': "'none'",
* 'img-src': ['data:'],
* 'style-src': ['data:', "'unsafe-inline'"],
* }