Designed to be fully compatible with browser versions that don’t support it, Content Security Policy (CSP) is an additional layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. Configuring Content Security Policy involves adding the Content-Security-Policy HTTP header to a web page and giving it values to control resources the user agent is allowed to load for that page. (source: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP)
When configuring CSP on your pages including THEOplayer, you will need to allow:
Note: In old 2.X versions the script-src 'unsafe-eval' also needed adding. As of 2.48.0 this is no longer needed.
The following resources provide more information: