Introduce CONTENT_SECURITY_POLICY environment variable to set HTTP header "Content-Security-Policy".
Content Security Policy (CSP) is a feature that helps to prevent or minimize the risk of certain types of security threats. It consists of a series of instructions from a website to a browser, which instruct the browser to place restrictions on the things that the code comprising the site is allowed to do.
https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
