third_party/blink/web_tests/external/wpt/fedcm/fedcm-csp.https.html.sub.headers

Cross-Origin-Embedder-Policy: credentialless
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline'; img-src 'self'