My current Known .htaccess
Content-Security-Policy is full of #IndieWeb tool urls.
<IfModule mod_headers.c>
Header set Content-Security-Policy: "default-src 'self'; frame-ancestors 'self'
; base-uri 'self'; form-action 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline' ; img-src 'self' https: data:; media-src *; worker-src 'self' https; font-src *; connect-src 'self'; frame-src 'self' ;
Header set X-Content-Security-Policy: "default-src 'self'; frame-ancestors 'self' ; base-uri 'self'; form-action 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'none'; style-src 'self' 'unsafe-inline' ; img-src 'self' https: data:; media-src *; worker-src 'self' https; font-src *; connect-src 'self'; frame-src 'self' ;
Header set X-WebKit-CSP: "default-src 'self'; frame-ancestors 'self' ; base-uri 'self'; form-action 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'none'; style-src 'self' 'unsafe-inline' ; img-src 'self' https: data:; media-src https:; worker-src 'self' https; font-src *; connect-src 'self'; frame-src 'self' ;
</IfModule>