credential-management/fedcm-revoke.https.html.headers

Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; connect-src https://idp.example