by thayne 434 days ago
> It's called Content Security Policy, not Content Performance Policy

As is often the case with security, the downsides of locking something down may not be worth the increased security.

Another reason not to prohibit inline scripts and stylesheets is if you need to dynamically generate them (although I think strict-dynamic would allow that).

> External resources can be cached across multiple pageloads.

That only matters if the resource is actually shared across multiple pages.
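
An added example, not part of the comment above: one way a server can emit a dynamically generated inline script under a CSP that otherwise blocks inline scripts, using a per-response nonce together with `'strict-dynamic'`. The function names and sample data are constructed for illustration, and a Node.js runtime is assumed.

```javascript
// Added example: per-response nonce CSP for a dynamically generated inline script.
// Function names and the sample data are constructed for illustration.

function randomBytes(n) {
  // Node's crypto module under CommonJS, Web Crypto otherwise.
  if (typeof require === 'function') return require('crypto').randomBytes(n);
  return globalThis.crypto.getRandomValues(new Uint8Array(n));
}

// A fresh, unguessable nonce must be generated for every response.
function makeNonce() {
  return Buffer.from(randomBytes(16)).toString('base64');
}

// 'strict-dynamic' extends trust from the nonced script to scripts it loads.
function buildCsp(nonce) {
  return [
    `script-src 'nonce-${nonce}' 'strict-dynamic'`,
    "object-src 'none'",
    "base-uri 'none'",
  ].join('; ');
}

// Serialize data for an inline script; escaping "<" stops a value such as
// "</script>" from closing the element early.
function toInlineJson(value) {
  return JSON.stringify(value).replace(/</g, '\\u003c');
}

// Build the response: header and body carry the same nonce.
function renderResponse(data) {
  const nonce = makeNonce();
  const body =
    '<!doctype html><title>demo</title>' +
    `<script nonce="${nonce}">window.CONFIG = ${toInlineJson(data)};</script>`;
  return { headers: { 'Content-Security-Policy': buildCsp(nonce) }, body };
}

// Constructed sample input, including a value that tries to break out of the script.
const sample = { user: 'alice', note: '</script><script>alert(1)</script>' };
const response = renderResponse(sample);
console.log(response.headers['Content-Security-Policy']);
console.log(response.body);
```

The nonce only protects the page if it is never reused across responses and the generated script body is built from escaped data, as `toInlineJson` does here.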