HTML Guide for content-security-policy

Bad value “”Content-Security-Policy”” for attribute “http-equiv” on element “meta”.

The W3C HTML Validator issue you’re encountering indicates that the value specified for the http-equiv attribute in a <meta> tag is not valid. This often happens due to incorrect formatting, spelling errors, or extraneous characters in the attribute value.

To resolve this issue, ensure that the http-equiv attribute is spelled correctly and that it contains valid values. For a basic Content Security Policy (CSP), the correct way to specify it in the <meta> tag is as follows:

Correct Usage of <meta> with http-equiv

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta http-equiv="Content-Security-Policy" content="default-src 'self';">
    <title>Document Example</title>
</head>
<body>
    <h1>Hello, World!</h1>
</body>
</html>

Fixes to Apply:

Ensure Correct Spelling: The attribute value must be spelled exactly as “Content-Security-Policy” (case-sensitive).
Check for Extraneous Characters: Make sure there are no extra quotes or spaces within the attribute value.

Example of a Bad Value:

If your original <meta> tag looks something like this:

<meta http-equiv=""Content-Security-Policy"" content="default-src 'self';">

You should change it to:

<meta http-equiv="Content-Security-Policy" content="default-src 'self';">