The CSP header test should support Trusted Types, a feature that blocks unsafe JavaScript APIs such as .innerHTML, which can result in DOM-based cross-site scripting vulnerabilities.
The CSP test on SecurityHeaders should support these directives:
require-trusted-types-for should be set to 'script' (currently the only option),
trusted-types should be set to 'none' (ideal), or a list of policy names.
This security feature has been supported by Chrome/Edge since version 83 (19th May 2020).
And there is a good writeup of the feature by Krzysztof Kotowicz.
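As an added illustration (not part of the original request, nor SecurityHeaders' own code), the following JavaScript shows what a header carrying the two directives looks like, a small checker that parses a CSP value and reports whether Trusted Types enforcement is present and whether the "ideal" 'none' form is used, and the page-side policy that a site with a non-'none' allow list would need. The policy name app-html, the sample header, and the fallback object used when window.trustedTypes is absent are assumptions for this example; in a real page the name in trusted-types must match the name passed to createPolicy, otherwise createPolicy throws.

```javascript
// Added example, not from the original post or from SecurityHeaders.
// Shows: (1) a CSP value with both Trusted Types directives, (2) a checker
// that parses a CSP header value the way a header scanner might, and
// (3) the policy a page must define before writing to .innerHTML.

// Assumed header value for a site that allows exactly one policy, "app-html".
// Swapping "app-html" for 'none' is the ideal case: no string may reach a sink
// at all (the page must then avoid innerHTML / eval-style sinks entirely).
const CSP_VALUE =
  "default-src 'self'; require-trusted-types-for 'script'; trusted-types app-html";

// Parse "name value value; name value" into a Map of lowercase name -> [values].
function parseCsp(value) {
  const directives = new Map();
  for (const part of value.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...values] = tokens;
    directives.set(name.toLowerCase(), values);
  }
  return directives;
}

// Report the Trusted Types state of a CSP value:
//   enforced: require-trusted-types-for 'script' is present ('script' is the only
//             defined value today)
//   policies: the trusted-types allow list, or null if the directive is absent
//   ideal:    trusted-types is exactly 'none'
function checkTrustedTypes(value) {
  const d = parseCsp(value);
  const rttf = d.get('require-trusted-types-for') || [];
  const tt = d.get('trusted-types');
  return {
    enforced: rttf.includes("'script'"),
    policies: tt === undefined ? null : tt,
    ideal: tt !== undefined && tt.length === 1 && tt[0] === "'none'",
  };
}

// Minimal HTML escaper used by the policy below (constructed for this example).
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Stand-in for window.trustedTypes in environments without it (Node, older
// browsers). Assumption for this example: it only applies the rule functions
// and returns plain strings instead of TrustedHTML objects.
const fallbackTrustedTypes = {
  createPolicy(name, rules) {
    return { name, createHTML: (input) => rules.createHTML(String(input)) };
  },
};

// Real API in Chrome/Edge 83+: window.trustedTypes.createPolicy(name, rules).
const tt = typeof globalThis.trustedTypes !== 'undefined'
  ? globalThis.trustedTypes
  : fallbackTrustedTypes;

// The policy name must appear in the trusted-types directive of CSP_VALUE.
const appPolicy = tt.createPolicy('app-html', {
  createHTML: (input) => escapeHtml(input),
});

// With require-trusted-types-for 'script' enforced, `el.innerHTML = untrusted`
// throws a TypeError; only a value produced by a policy is accepted.
function renderHtml(el, untrusted) {
  el.innerHTML = appPolicy.createHTML(untrusted);
  return el.innerHTML;
}

// Stand-alone demo on a constructed element-like object.
const demoEl = { innerHTML: '' };
renderHtml(demoEl, '<img src=x onerror=alert(1)>');
console.log(checkTrustedTypes(CSP_VALUE), demoEl.innerHTML);
```

In a browser the policy object returned by createPolicy yields TrustedHTML values rather than strings, and the browser enforces that nothing else reaches .innerHTML; the fallback here exists only so the sample runs outside a browser.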