The patch of headers said as follows and can not go through in the config. using eagle tool.
..........................................
X-Content-Type-Options: nosniff
X-XSS-Protection: 1
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'; base-uri 'self'; block-all-mixed-content
.................................................


any suggestions on it. Thanks much