client-hints/sandbox/iframe-csp-same-origin.https.html.headers

Content-Security-Policy: sandbox allow-scripts allow-same-origin