Content Security Policy as a blacklist

Can I use the Content Security Policy Header to blacklist the loading of scripts from certain domains?

Solution

No you can’t. When you create a CSP policy, it’s basically a “deny all” policy. You then add back “allow from” exceptions to that. But you can’t do it the other way around; this is, you can’t, in a CSP policy, express “allow all” as a default and then add back specific “deny from” exceptions.

How to Fix "String as JavaScript" Errors in FLP? (Async Module Loading)
Prevent svelte build from including inline script as it violates CSP
insertBefore and appendChild in font awesome kit (version 5.15.4) causing csp issue only in Firefox Asp.Net Core
Vite + Vue 3 built project Content-Security-Policy Error (CSP) 'script-src "self"' because of new Function constructor in built files
Refused to load the script : Content-Security-Policy
Jenkins Content Security Policy
Does the Content Security Policy Standard support wildcard paths? If not, why doesn't it?
What is the difference between CORS and CSPs?
This document requires 'TrustedScriptURL' assignment
Electron Content Security Policy error when connecting to my api
Why are FQDN (ending with a dot) not working in CSP?
How do I show video content when Content Security Policy is in place?
Content security policy error when trying to frame Authorize.net hosted payment page
Html Error: Refused to load the script because it violates the following Content Security Policy directive
Unrecognized Content-Security-Policy directive 'script-src:'
adding security headers in wso2am-4.0.0 (sts & csp & referer headers)
Why would a REST API need a CSP?
PyQt5: How to download icon for QWebEngineView?
Stripe js script violates all the unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' and 'self' directives how it is possible?
Content Security Policy: "img-src 'self' data:"
Content Security Policy "data" not working for base64 Images in Chrome 28
Refused to create a worker from 'blob:https://x/6a...293' because it violates the following Content Security Policy directive
Content Security Policy - Determine source of blocked resource
How to detect `eval` calls when addressing UI5 modules at runtime?
Setup for Helmet and ReportURi?
Content Security Policy not blocking the loading of third party javascript
Refused to load the script because it violates the following Content Security Policy directive
javascript click function causes Content Security Policy error
CSP with NextJS 'Refused to execute inline script' in production
Google Chrome extension that I'm working on keeps throwing CSP errors