My current Known .htaccess
Content-Security-Policy is full of #IndieWeb tool urls.
<IfModule mod_headers.c>
Header set Content-Security-Policy: "default-src 'self'; frame-ancestors 'self' https:// www.youtube-nocookie.com https:// player.vimeo.com; base-uri 'self'; form-action 'self' https:// www.brid.gy https:// indieauth.com/ https:// monocle.p3k.io/ https:// aperture.p3k.io https:// indigenous.abode.pub https:// alltogethernow.io https:// quill.p3k.io; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline' https:// fonts.googleapis.com; img-src 'self' https: data:; media-src *; worker-src 'self' https; font-src *; connect-src 'self'; frame-src 'self' https:// www.youtube-nocookie.com https:// player.vimeo.com;
Header set X-Content-Security-Policy: "default-src 'self'; frame-ancestors 'self' https:// www.youtube-nocookie.com https:// player.vimeo.com; base-uri 'self'; form-action 'self' https:// www.brid.gy https:// indieauth.com/ https:// monocle.p3k.io/ https:// aperture.p3k.io https:// indigenous.abode.pub https:// alltogethernow.io https:// quill.p3k.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'none'; style-src 'self' 'unsafe-inline' https:// fonts.googleapis.com; img-src 'self' https: data:; media-src *; worker-src 'self' https; font-src *; connect-src 'self'; frame-src 'self' https:// www.youtube-nocookie.com https:// player.vimeo.com;
Header set X-WebKit-CSP: "default-src 'self'; frame-ancestors 'self' https:// www.youtube-nocookie.com https:// player.vimeo.com; base-uri 'self'; form-action 'self' https:// www.brid.gy https:// indieauth.com/ https:// monocle.p3k.io/ https:// aperture.p3k.io https:// indigenous.abode.pub https:// alltogethernow.io https:// quill.p3k.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'none'; style-src 'self' 'unsafe-inline' https:// fonts.googleapis.com; img-src 'self' https: data:; media-src https:; worker-src 'self' https; font-src *; connect-src 'self'; frame-src 'self' https:// www.youtube-nocookie.com https:// player.vimeo.com;
</IfModule>