It might be helpful to link to further reading, such as: - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy - https://w3c.github.io/webappsec-csp/
