Safari only bug: 'script-src' contains an invalid source: ''strict-dynamic''. It will be ignored. · Issue #397 · google/google-api-javascript-client · GitHub
Optimizely's Content-Security-Policy Journey | by Ola Nordstrom | Engineers @ Optimizely | Medium
Content-Security-Policy not workin… | Apple Developer Forums
Unrecognized Content-Security-Policy directive 'referrer'. - Salesforce Developer Community
Debugging and setting the Content Security Policy in the CSP header and meta tag; debug via browser console, via violation reports and SecurityPolicyViolation event; why the CSP header is truncated
CSP policy in Safari | Apple Developer Forums
A systematic study of content security policy in web applications - Liu - 2016 - Security and Communication Networks - Wiley Online Library
Content Security Policy (CSP) Headers
Content Security Policy with Google Analytics & Tag Manager | Bounteous
⚖ Browsers support of the child-src directive; child-src is a fallback directive for frame-src and worker-src; frame-src and worker-src take precedence over child-src
How to create a solid and secure Content Security Policy
A systematic study of content security policy in web applications - Liu - 2016 - Security and Communication Networks - Wiley Online Library
⚖ 'unsafe-eval' in worker-src / child-src does not work, it must be specified in script-src; the worker-src directive covers only the worker creation, the executing of worker's script is controlled by other