Content Security Policy Level 2 (CSP2) is an effective defense-in-depth mechanism against cross site scripting and content injection attacks. CSP2 is available in the Insider Fast ring now starting with EdgeHTML 15.15002, and will ship to stable builds with the Windows 10 Creators Update. The new directives base-uri, child-src, form-action, form.action, plugin-types and frame-ancestors are now supported. Background worker scripts are governed by their own policy, separate from the policy of the document loading them.”]
Source: https://blogs.windows.com/msedgedev/2017/01/10/edge-csp-2/