Content-Security-Policy: script-src-attr directive

The HTTP Content-Security-Policy (CSP) script-src-attr directive specifies valid sources for JavaScript inline event handlers.

This directive only specifies valid sources for inline script event handlers like onclick. It does not apply to other JavaScript sources that can trigger script execution, such as URLs loaded directly into