On this page can set the __Content Security Policy (CSP)__ and various other security HTTP headers.\\
External link 
https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
\\ 
[{Image src='webinterfacecsp.jpg' width='..' height='..' align='left' style='..' class='..' }]\\
\\
The CSP header comes with default policy 
{{{
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-eval'
}}}
\\\
not visible in the GUI. The __Domains Allowed__ field extend the policy with external source directives.