I have set a strict CSP in my .htaccess to only allow content from a list of domains.
Example:
Header set Content-Security-Policy "default-src \'s
