Chrome is returning this error on the console while defining basic csp codes:
The Content-Security-Policy directive name 'Content-Security-Policy:' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.
This is all I have on my .htaccess file:
Header always set Content-Security-Policy "default-src 'self' script-src: 'self' 'unsafe-inline';"
Is there anything wrong you can see? Thanks
Yes, you have an error. You forgot a ";" before script-src:
Header always set Content-Security-Policy "default-src 'self'; script-src: 'self' 'unsafe-inline';"