Chrome is returning this error on the console while defining basic csp codes:

The Content-Security-Policy directive name 'Content-Security-Policy:' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.

This is all I have on my .htaccess file:

Header always set Content-Security-Policy "default-src 'self' script-src: 'self' 'unsafe-inline';"

Is there anything wrong you can see? Thanks

CodePudding user response：

Yes, you have an error. You forgot a ";" before script-src:

Header always set Content-Security-Policy "default-src 'self'; script-src: 'self' 'unsafe-inline';"