In a constent security policy header: Should the url’s be quoted or not, and is there any security implication to this decision?

So in a CSP like the below:

content-security-policy: upgrade-insecure-requests; frame-ancestors ‘self’ https://stackexchange.com

Should the url part be quoted like this (example from mozilla security) – even though this exa… Continue reading In a constent security policy header: Should the url’s be quoted or not, and is there any security implication to this decision?