# Security

### Content Security Policy (CSP)

#### script-src

`blob:` - used by WebWorkers

#### style-src

`'unsafe-inline'` - used by Controls

#### img-src

`data:` - used by Legend Control and Grid Layer / Front Layer

`blob:` - used by loadTextureData with custom headers or abort signal