Content-Security-Policy: object-src directive
Baseline Widely available
This feature is well established and works across many devices and browser versions. It’s been available across browsers since August 2016.
The HTTP Content-Security-Policy
object-src directive specifies valid sources for the
and elements.
Note:
Elements controlled by object-src are perhaps coincidentally
considered legacy HTML elements and aren't receiving new standardized features (such as
the security attributes sandbox or allow for