Compose a Content Security Policy header and export it as an HTTP header or meta tag.
default-src
script-src
style-src
img-src
font-src
connect-src
media-src
frame-src
object-src
base-uri
form-action
frame-ancestors
upgrade-insecure-requests
block-all-mixed-content