Demonstrates:

  • CSP header, currently using:
        default-src 'self';
        script-src 'self' https://cdn.jsdelivr.net 'nonce-browser-sync';
        style-src 'self' 'nonce-random-string';
        require-trusted-types-for 'script';
        trusted-types dompurify;
  • Do not use https://cdn.jsdelivr.net as a CSP script source in a real deployment: allowing the whole host is too broad and risky. It is used here only for demo purposes.
