1. headers http header: content-security-policy: strict-dynamic