Generate Content Security Policy headers to protect against XSS and other attacks
default-src (fallback for other directives): 'self'
Add this header to your HTTP response:
Content-Security-Policy: default-src 'self'
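What "fallback for other directives" covers in practice, shown as an added example (not the generator's own code): it resolves which directive governs each resource type, using the fallback lists from CSP Level 3. The function names parsePolicy, effective and uncovered are hypothetical, and the second policy in the test is constructed.

```javascript
// Added example: resolve which source list governs each directive under a CSP.
// Fallback chains follow the CSP Level 3 fetch-directive fallback lists.
const FALLBACK = {
  "script-src-elem": ["script-src"],
  "script-src-attr": ["script-src"],
  "style-src-elem": ["style-src"],
  "style-src-attr": ["style-src"],
  "worker-src": ["child-src", "script-src"],
  "frame-src": ["child-src"],
};
const FETCH = ["child-src", "connect-src", "font-src", "frame-src", "img-src",
  "manifest-src", "media-src", "object-src", "script-src", "script-src-elem",
  "script-src-attr", "style-src", "style-src-elem", "style-src-attr", "worker-src"];
// Directives that never inherit from default-src.
const NO_FALLBACK = ["base-uri", "form-action", "frame-ancestors"];

// Parse a header value into Map(directive -> source list).
function parsePolicy(value) {
  const policy = new Map();
  for (const part of value.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!policy.has(name)) policy.set(name, tokens.slice(1)); // duplicates are ignored
  }
  return policy;
}

// Return { from, sources } for the directive that governs `name`, or null if unrestricted.
function effective(policy, name) {
  const chain = FETCH.includes(name)
    ? [name, ...(FALLBACK[name] || []), "default-src"]
    : [name];
  for (const d of chain) {
    if (policy.has(d)) return { from: d, sources: policy.get(d) };
  }
  return null;
}

// Non-fetch directives the policy leaves unrestricted (gaps default-src cannot close).
function uncovered(policy) {
  return NO_FALLBACK.filter((d) => effective(policy, d) === null);
}

const pagePolicy = parsePolicy("default-src 'self'"); // the header value from this page
console.log(effective(pagePolicy, "worker-src")); // governed by default-src
console.log(uncovered(pagePolicy)); // directives that need their own entries
```

For the header above, base-uri, form-action and frame-ancestors come back as uncovered, so each needs its own directive if it is to be restricted.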