Contents
https://dev.to/mattferderer/what-is-csp-why--how-to-add-it-to-your-website-28df
https://content-security-policy.com/examples/nginx/ https://bobcares.com/blog/add-csp-header-nginx/ https://content-security-policy.com/ https://stackoverflow.com/questions/58652892/content-security-policy-refused-to-execute-inline-event-handler-error
invalid number of arguments in "add_header"
https://dev.to/mattferderer/what-is-csp-why--how-to-add-it-to-your-website-28df
add_header 'Content-Security-Policy' 'default-src self unsafe-inline *.akamai.net *.doubleclick.net; font-src self fonts.googleapis.com fonts.gstatic.com; style-src self; script-src self cdnjs.com; img-src self;'
Content-Security-Policy-Report-Only: default-src 'none'; form-action 'none'; frame-ancestors 'none';
Content-Security-Policy-Report-Only: default-src 'none'; form-action 'none'; frame-ancestors 'none'; style-src 'self';
Content-Security-Policy-Report-Only: default-src 'none'; form-action 'none'; frame-ancestors 'none'; style-src 'self'; script-src 'self'; img-src 'self';
Content-Security-Policy-Report-Only: default-src 'none'; form-action 'none'; frame-ancestors 'none'; style-src 'self'; script-src 'self' cdnjs.com; img-src 'self';
add_header Content-Security-Policy "default-src 'self' unsafe-inline *.akamai.net *.doubleclick.net; font-src 'self' fonts.googleapis.com fonts.gstatic.com; style-src 'self'; script-src 'self' cdn.jsdelivr.net cdnjs.com; img-src 'self';";
add_header Content-Security-Policy-Report-Only "default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; style-src 'self' https://cdn.jsdelivr.net; script-src 'self' cdn.jsdelivr.net cdnjs.com; img-src 'self';";