具体请参考:
http://software-security.sans.org/downloads/appsec-2014-files/building-a-content-security-policy-csp-eric-johnson.pdf