My objective is to block 3rd-party script or content injection, but allow scripts from my site and AdSense.
There are various versions of a CSP. This is the code Google recommends:
When installed, it displays properly in response headers and passes Google’s CSP Evaluator, the Moz Observatory and Secarma validators.
I already have numerous other security features installed and am not looking for alternatives. I’m trying to determine how to get this header directive to work as intended. Thanks.