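I am very new to Content-Security-Policy. I added this header in my website's .htaccess file to increase security, but it has broken my website. I tried to list all the domains of the related resources, but it did not work.
Now I want to completely remove this header from my website. I tried the following rule in the .htaccess file: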
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
    <form id="upload_form" action="/updateuser" method="POST" enctype="multipart/form-data">
        <label for="file">Choose file</label>
        <input type="file" id="fileinput" />
        <img id="source_image">
        <input type="button" id="upload" value="uploadimage">
    </form>
and
    import time

    import boto3
    from flask import Flask, request

    from config import S3_KEY, S3_SECRET, S3_BUCKET

    app = Flask(__name__)

    # Ajax function to support upload image call from UI
    @app.route('/user/uploadimage', methods=['GET', 'POST'])
    def uploadimage():
        print("In uploadimage()")
        starttime = int(round(time.time() * 1000))
        print("Start Monitoring uploadimage()", starttime)
        try:
            s3 = boto3.client(
                "s3",
                aws_access_key_id=S3_KEY,
                aws_secret_access_key=S3_SECRET
            )
        except Exception as e:
            print(str(e))
            # Without a client the upload below cannot run
            return "S3 client error", 500
        try:
            file = request.files['file']
            s3.upload_fileobj(
                file,
                S3_BUCKET,
                file.filename,
                ExtraArgs={
                    "ACL": "public-read",
                    "ContentType": file.content_type
                }
            )
            print("File uploaded successfully")
            print("Stop Monitoring uploadimage()", (int(round(time.time() * 1000)) - starttime))
            # A Flask view must return a response
            return "File uploaded successfully", 200
        except Exception as e:
            print("Error while Saving Image on Amazon S3 : ", e)
            return "Upload failed", 500
These headers are no longer in the response now, as I checked with an online server header checker.
    Header unset Content-Security-Policy
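But when I check in the Firebug console, these resources are still blocked by Content-Security-Policy. In addition, I looked at Observatory by Mozilla, which says that my website has Content-Security-Policy implemented.
I now want to remove this header completely, and I am using shared hosting. Please help me.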
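
Added example, not part of the original question: a policy can reach the browser through a `Content-Security-Policy` response header or through a `<meta http-equiv>` tag in the page body, and `Header unset` in .htaccess only touches the header. This Python script lists every policy found in a captured raw response and shows which sources it allows for scripts; the sample response and all function names are constructed for illustration.

```python
from html.parser import HTMLParser

CSP_HEADERS = ("content-security-policy", "content-security-policy-report-only")

class MetaCSP(HTMLParser):
    """Collect <meta http-equiv="Content-Security-Policy" content="..."> policies."""
    def __init__(self):
        super().__init__()
        self.policies = []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").strip().lower() == CSP_HEADERS[0]:
            self.policies.append(a.get("content", "").strip())

def find_csp_sources(raw_response):
    """Return (channel, name, policy) for every CSP in a raw CRLF HTTP response."""
    head, _, body = raw_response.partition("\r\n\r\n")
    found = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in CSP_HEADERS:
            found.append(("header", name.strip(), value.strip()))
    parser = MetaCSP()
    parser.feed(body)
    found += [("meta", "Content-Security-Policy", p) for p in parser.policies]
    return found

def effective_sources(policy, directive):
    """Source list for a fetch directive, falling back to default-src; None if unset."""
    table = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            table.setdefault(tokens[0].lower(), tokens[1:])  # first occurrence wins
    return table.get(directive, table.get("default-src"))

# Constructed sample: the CSP header is gone, but the page itself still carries a policy.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    "<html><head>"
    "<meta http-equiv=\"Content-Security-Policy\" content=\"default-src 'self'\">"
    "</head><body></body></html>"
)

if __name__ == "__main__":
    for channel, name, policy in find_csp_sources(SAMPLE):
        print(channel, name, "script-src ->", effective_sources(policy, "script-src"))
```
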