1. headers http header: csp: content-security-policy: unsafe-hashes