1. headers http header: csp: content-security-policy: strict-dynamic