Page Comparison

One of the main advantages of CSP is protection against inline script execution and calls to the JavaScript eval() and function() routines, so this is not generally recommended and we we do not recommend using the directive “unsafe-eval” any longer as a previous version of this FAQ recommended (before there was an wasm specific directive). We strongly recommended that you also include other directives such as only loading JavaScript from a trusted domain, using SSL, and adding directives to only load resources over HTTPS. For more info, see here.