Header set Content-Security-Policy "script-src 'self' https://www.google.com"

FAQ