We host websites and web services for several clients and use HAProxy as a HA/distribution system.
I am looking at implementing a content security policy to allow scripts from various third parties. I have found a configuration line that will implement the content security policy on the backend for each service, but I would like to implement a standard policy across all services to allow changes to be made in a single place rather than multiple changes.
Is it possible to add a similar statement to be implemented in all backends? Alternatively, can the scrip-src be added to an ACL?