1. headers HTTP header: csp: Content-Security-Policy: strict-dynamic