/files/zh-cn/web/http/headers/content-security-policy/
../
base-uri
block-all-mixed-content
child-src
connect-src
default-src
font-src
form-action
frame-ancestors
index.html
report-to
require-sri-for
sandbox
script-src-elem
upgrade-insecure-requests
worker-src