The default Content-Security-Policy used by the webview as if it were set by an HTTP header.
This applies to all content loaded including through navigation or via the various
webkit_web_view_load_* APIs. However do note that many WebKit APIs bypass
Content-Security-Policy in general such as
Policies are additive so if a website sets its own policy it still applies on top of the policy set here.