“Each CSP directive lets you indicate which origins are trusted by using a whitelist-based approach. User agents which support CSP will avoid fetching resources that don’t match your server’s CSP directives. This means our server can determine, at a granular level, which origins are allowed for which…”— Nicolás Bevacqua, ponyfoo.comTagged: Security, Content Security Policy, To Add To QC, Express