Cloudflare Header configurations

For Workes & Pages, what is the name of the domain?

What is the issue or error you’re encountering

Header auto concatenate with “,” symbol => invalid CSP header

What steps have you taken to resolve the issue?

Merge header => long header => hard to maintain

What are the steps to reproduce the issue?

Currently, Cloudlfare Pages auto join headers with the “,” => incorrect for CSP header

Example:

_headers

Content-Security-Policy: frame-ancestors ‘none’;
Content-Security-Policy: default-src ‘none’;

Expected:

Content-Security-Policy: frame-ancestors ‘none’; default-src ‘none’;

Actual:

Content-Security-Policy: frame-ancestors ‘none’;, default-src ‘none’;

The “,” character will make the CSP header is incorrect

Because there are many configurations for CSP header, I cannot use only one line to write it.

Do we have any other way to config CSP header via _header file?

Many thanks.