If the parent and iframe have different CSP restrictions, which one is applied? If have a parent page that is served with the following CSP header:
