Content-Security-Policy: default-src 'self' http://example.com; connect-src 'none'; Content-Security-Policy: connect-src http://example.com/; script-src http://example.com/
Content-Security-Policy - HTTP | MDN
The HTTP Content-Security-Policy response header allows web site administrators to control resources the user agent is allowed to load for a given page. With a few exceptions, policies mostly involve specifying server origins and script endpoints. This helps guard against cross-site scripting attacks (XSS (en-US)).
https://developer.mozilla.org/ko/docs/Web/HTTP/Headers/Content-Security-Policy


Seonglae Cho