default_content_security_policy

The default Content-Security-Policy used by the webview as if it were set by an HTTP header.

This applies to all content loaded including through navigation or via the various webkit_web_view_load_\* APIs. However do note that many WebKit APIs bypass Content-Security-Policy in general such as UserContentManager and run_javascript.

Policies are additive so if a website sets its own policy it still applies on top of the policy set here.