Content-Security-Policy 
Author: Nektarios K.
Hi there,
I was fixing the following on my website, passing all the tests:
Strict-Transport-Security
X-Frame-Options
X-Content-Type-Options
Referrer-Policy
Permissions-Policy
But I got stuck on Content-Security-Policy.
I added the following code:
<meta http-equiv="Content-Security-Policy" content="
default-src 'self'; script-src 'self' 'unsafe-inline';
style-src 'self' 'unsafe-inline'; img-src 'self' data: https:;
font-src 'self' data: https:; connect-src 'self' https:;
object-src 'none'; base-uri 'self';
form-action 'self'; upgrade-insecure-requests;
">
And the test passed.
BUT, after testing the page with PageSpeed Insights, 8 errors came up:
Executing inline script violates the following Content Security Policy directive… to a different issue.
Is someone using similar code to implement the website with this security policy?
Please advise.
Nek
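
Added example (not part of the original post): a small checker for policies like the one quoted above. It reports whether inline `<script>` is permitted, applying two CSP rules: a nonce, hash or 'strict-dynamic' in the source list makes browsers ignore 'unsafe-inline', and when several policies are delivered (header plus meta tag) each one must allow the script. The function names and the two extra policies are constructed for illustration.

```javascript
// Policy from the post above (content attribute of the meta tag).
const POST_POLICY = "default-src 'self'; script-src 'self' 'unsafe-inline'; " +
  "style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; " +
  "font-src 'self' data: https:; connect-src 'self' https:; " +
  "object-src 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests;";
// Constructed sample policies, not taken from the post.
const STRICT_POLICY = "default-src 'self'; script-src 'self'";
const NONCE_POLICY = "script-src 'self' 'unsafe-inline' 'nonce-R4nd0mConstructed'";

// Split a serialized policy into a Map of directive name -> source list.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored: the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Returns 'all' (any inline script runs), 'matching-only' (only scripts whose
// nonce or hash matches) or 'none' (every inline script is blocked).
function inlineScriptVerdict(policy) {
  const d = parseCsp(policy);
  // Fallback chain that governs <script> elements.
  const name = ['script-src-elem', 'script-src', 'default-src'].find(n => d.has(n));
  if (!name) return 'all'; // nothing in this policy governs scripts
  const sources = d.get(name);
  const hasNonceOrHash = sources.some(s => /^'(nonce|sha256|sha384|sha512)-/i.test(s));
  const strictDynamic = sources.some(s => s.toLowerCase() === "'strict-dynamic'");
  const unsafeInline = sources.some(s => s.toLowerCase() === "'unsafe-inline'");
  if (hasNonceOrHash) return 'matching-only'; // 'unsafe-inline' is ignored here
  if (strictDynamic) return 'none';           // also disables 'unsafe-inline'
  return unsafeInline ? 'all' : 'none';
}

// Every delivered policy is enforced, so the strictest verdict wins.
function combinedVerdict(policies) {
  const rank = { none: 0, 'matching-only': 1, all: 2 };
  return policies.map(inlineScriptVerdict)
    .reduce((a, b) => (rank[a] <= rank[b] ? a : b), 'all');
}

console.log('post policy alone:', inlineScriptVerdict(POST_POLICY));
console.log('with nonce present:', inlineScriptVerdict(NONCE_POLICY));
console.log('post + stricter policy:', combinedVerdict([POST_POLICY, STRICT_POLICY]));
```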
