defaultContentSecurityPolicy

The default Content-Security-Policy used by the webview as if it were set by an HTTP header.

This applies to all content loaded including through navigation or via the various webkit_web_view_load_\* APIs. However do note that many WebKit APIs bypass Content-Security-Policy in general such as #WebKitUserContentManager and webkit_web_view_run_javascript().

Policies are additive so if a website sets its own policy it still applies on top of the policy set here.

Since

2.38