Content Security Policy (CSP)

script-src

blob: - used by WebWorkers

style-src

'unsafe-inline' - used by Controls

img-src

data: - used by Legend Control and Grid Layer / Front Layer