The CSP header is applied to the whole website and is enabled by default in /server/filters/cspHeader@enabled.
To enable it only for specific sites, follow these steps:
- Set /server/filters/cspHeader@enabled to false.
- Add this meta element to the templates:
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; img-src https://*; child-src 'none';">
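Once the filter is disabled, each site's policy exists only where a template carries the meta element, so it is worth checking the rendered output. The following is an added example, not part of the original page or the product's own code: it parses rendered HTML, extracts the meta-delivered policy, and goes slightly beyond the steps above by flagging two cases in which browsers ignore the policy or parts of it (a meta element outside the head, and the directives frame-ancestors, report-uri and sandbox, which are not honoured in a meta policy). The names audit_template, parse_policy and SAMPLE are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Directives browsers ignore when the policy is delivered via <meta> (CSP spec).
IGNORED_IN_META = {"frame-ancestors", "report-uri", "sandbox"}

# Constructed sample: a rendered template using the meta element from the page.
SAMPLE = """<html><head><title>t</title>
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; img-src https://*; child-src 'none';">
</head><body></body></html>"""

class CspMetaFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.in_head = False
        self.found = []  # (content, inside_head) tuples

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "meta":
            a = {k: (v or "") for k, v in attrs}
            if a.get("http-equiv", "").lower() == "content-security-policy":
                self.found.append((a.get("content", ""), self.in_head))

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def parse_policy(content):
    """Split a policy string into {directive: [source expressions]}."""
    policy = {}
    for part in content.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit_template(html):
    """Return (policy, problems) for the first CSP meta element in the HTML."""
    finder = CspMetaFinder()
    finder.feed(html)
    if not finder.found:
        return {}, ["no CSP meta element found"]
    content, inside_head = finder.found[0]
    policy = parse_policy(content)
    problems = [] if inside_head else ["CSP meta element is outside <head>"]
    problems += [f"{d} is ignored in a meta policy"
                 for d in sorted(IGNORED_IN_META & policy.keys())]
    return policy, problems
```

Run audit_template over the rendered output of every template on a site that should carry the policy; an empty problems list together with the expected directives confirms the meta element is in place.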