Complete the code to specify the directive that controls which sources are allowed to load scripts.
Content-Security-Policy: [1] 'self';
The script-src directive controls which sources are allowed to load JavaScript scripts.
Complete the code to allow resources only from the same origin.
Content-Security-Policy: default-src [1];The 'self' keyword allows loading resources only from the same origin as the page.
Fix the error in the CSP header to block all inline scripts.
Content-Security-Policy: script-src [1];Using 'none' blocks all script sources including inline scripts.
Fill both blanks to allow images only from the same origin and trusted domain.
Content-Security-Policy: img-src [1] [2];
The img-src directive allows images from the same origin ('self') and the trusted domain https://trusted.com.
Fill all three blanks to create a CSP that allows styles from the same origin, scripts only from a CDN, and blocks all inline scripts.
Content-Security-Policy: style-src [1]; script-src [2] [3];
This CSP allows styles only from the same origin ('self'), scripts only from the CDN (https://cdn.example.com), and blocks inline scripts by using 'none' alongside the CDN.