https://www.rootsec.xyz/2022/03/mencegah-xss-dengan-csp-atau-content.html