starter_policy: {
    base-uri: string[];
    connect-src: string[];
    default-src: string[];
    form-action: string[];
    img-src: string[];
    script-src: string[];
    style-src: string[];
} = ...

This is the starter policy described here: https://content-security-policy.com/

""