Comment #739
Anonymous wrote
the following reply to
https://jlelse.blog/links/2020/12/web-mess:
CSP not mentioned sadly.. Btw you dont have great csp it includes 'unsafe-inline' or data: inside script-src, overly broad sources such as https: inside object-src or script-src, or not restricting the sources for object-src or script-src. You can test in on mozilla observatory.
Reply to this comment