Open
Description
CSP3 should clearly specify what considerations a document adding a new directive to the CSP header must address. A specific example is how to process multiple policies for a directive that doesn't have a clear algorithm for intersecting policies in a least privileged manner. (e.g. the previously proposed referrer policy directives or newly proposed cookie directives)