=HTTP Server Behavior=
==;HTTP Header Placement==:The <tt>X-Content-Security-Policy</tt> HTTP Response header should MAY be present in the [http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2 Message Headers] section of a server's HTTP response. Specifically, it must MUST NOT appear in the [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.40 Trailer Headers] section of the response, so that the policy may be enforced as the rest of the page content loads. Multiple <tt>X-Content-Security-Policy</tt> Response headers will MAY be considered; if more than one is present, the intersection of the policies is enforcedinserted.
