Content-Security-Policy: default-src 'self'; script-src 'nonce-EDNnf03nceIOfn39fn3e9'; style-src 'self' 'nonce-EDNnf03nceIOfn39fn3e9'; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:;
CSP directives help specify which sources of content are allowed to be executed within a web page. Here are some common directives related to CSP assets: csp assets
: Policies can also control if and how a webpage can be framed or if frames can be used to load content from other sources. Content-Security-Policy: default-src 'self'
echo -n "alert('safe')" | openssl dgst -sha256 -binary | base64 style-src 'self' 'nonce-EDNnf03nceIOfn39fn3e9'