Correct headers syntax descriptions, the rest

files/en-us/web/http/headers/content-security-policy/connect-src/index.md

@@ -43,16 +43,17 @@ loaded using script interfaces. The APIs that are restricted are:
 
 ## Syntax
 
-One or more sources can be allowed for the connect-src policy:
-
 ```http
-Content-Security-Policy: connect-src <source>;
-Content-Security-Policy: connect-src <source> <source>;
+Content-Security-Policy: connect-src 'none';
+Content-Security-Policy: connect-src <source-expression-list>;
 ```
 
-### Sources
+This directive may have either:
+
+- the single keyword value `'none'`, meaning that no resources of this type may be loaded
+- a list of _source expression_ values, meaning that resources of this type may be loaded if they match any of the given source expressions.
 
-`<source>` can be any one of the values listed in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources#sources).
+The syntax for each source expression is given in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources).
 
 ## Examples
 

files/en-us/web/http/headers/content-security-policy/default-src/index.md

@@ -41,16 +41,17 @@ The HTTP {{HTTPHeader("Content-Security-Policy")}} (CSP) **`default-src`** direc
 
 ## Syntax
 
-One or more sources can be allowed for the `default-src` policy:
-
 ```http
-Content-Security-Policy: default-src <source>;
-Content-Security-Policy: default-src <source> <source>;
+Content-Security-Policy: default-src 'none';
+Content-Security-Policy: default-src <source-expression-list>;
 ```
 
-### Sources
+This directive may have either:
+
+- the single keyword value `'none'`, meaning that no resources of this type may be loaded
+- a list of _source expression_ values, meaning that resources of this type may be loaded if they match any of the given source expressions.
 
-`<source>` can be any one of the values listed in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources#sources).
+The syntax for each source expression is given in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources).
 
 ## Examples
 

files/en-us/web/http/headers/content-security-policy/font-src/index.md

@@ -33,16 +33,17 @@ valid sources for fonts loaded using {{cssxref("@font-face")}}.
 
 ## Syntax
 
-One or more sources can be allowed for the `font-src` policy:
-
 ```http
-Content-Security-Policy: font-src <source>;
-Content-Security-Policy: font-src <source> <source>;
+Content-Security-Policy: font-src 'none';
+Content-Security-Policy: font-src <source-expression-list>;
 ```
 
-### Sources
+This directive may have either:
+
+- the single keyword value `'none'`, meaning that no resources of this type may be loaded
+- a list of _source expression_ values, meaning that resources of this type may be loaded if they match any of the given source expressions.
 
-`<source>` can be any one of the values listed in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources#sources).
+The syntax for each source expression is given in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources).
 
 ## Examples
 

files/en-us/web/http/headers/content-security-policy/form-action/index.md

@@ -31,16 +31,17 @@ The HTTP {{HTTPHeader("Content-Security-Policy")}} (CSP) **`form-action`** direc
 
 ## Syntax
 
-One or more sources can be set for the `form-action` policy:
-
 ```http
-Content-Security-Policy: form-action <source>;
-Content-Security-Policy: form-action <source> <source>;
+Content-Security-Policy: form-action 'none';
+Content-Security-Policy: form-action <source-expression-list>;
 ```
 
-### Sources
+This directive may have either:
+
+- the single keyword value `'none'`, meaning that no form submissions may be made
+- a list of _source expression_ values, meaning that form submissions may be made to URLs that match any of the given source expressions.
 
-`<source>` can be any one of the values listed in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources#sources).
+The syntax for each source expression is given in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources).
 
 ## Examples
 

files/en-us/web/http/headers/content-security-policy/frame-src/index.md

@@ -38,16 +38,17 @@ browsing contexts loading using elements such as {{HTMLElement("frame")}} and
 
 ## Syntax
 
-One or more sources can be allowed for the `frame-src` policy:
-
 ```http
-Content-Security-Policy: frame-src <source>;
-Content-Security-Policy: frame-src <source> <source>;
+Content-Security-Policy: frame-src 'none';
+Content-Security-Policy: frame-src <source-expression-list>;
 ```
 
-### Sources
+This directive may have either:
+
+- the single keyword value `'none'`, meaning that no resources of this type may be loaded
+- a list of _source expression_ values, meaning that resources of this type may be loaded if they match any of the given source expressions.
 
-`<source>` can be any one of the values listed in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources#sources).
+The syntax for each source expression is given in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources).
 
 ## Examples
 

files/en-us/web/http/headers/content-security-policy/img-src/index.md

@@ -31,16 +31,17 @@ The HTTP {{HTTPHeader("Content-Security-Policy")}} **`img-src`** directive speci
 
 ## Syntax
 
-One or more sources can be allowed for the `img-src` policy:
-
 ```http
-Content-Security-Policy: img-src <source>;
-Content-Security-Policy: img-src <source> <source>;
+Content-Security-Policy: img-src 'none';
+Content-Security-Policy: img-src <source-expression-list>;
 ```
 
-### Sources
+This directive may have either:
+
+- the single keyword value `'none'`, meaning that no resources of this type may be loaded
+- a list of _source expression_ values, meaning that resources of this type may be loaded if they match any of the given source expressions.
 
-`<source>` can be any one of the values listed in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources#sources).
+The syntax for each source expression is given in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources).
 
 ## Examples
 

files/en-us/web/http/headers/content-security-policy/manifest-src/index.md

@@ -34,16 +34,17 @@ to the resource.
 
 ## Syntax
 
-One or more sources can be allowed for the `manifest-src` policy:
-
 ```http
-Content-Security-Policy: manifest-src <source>;
-Content-Security-Policy: manifest-src <source> <source>;
+Content-Security-Policy: manifest-src 'none';
+Content-Security-Policy: manifest-src <source-expression-list>;
 ```
 
-### Sources
+This directive may have either:
+
+- the single keyword value `'none'`, meaning that no resources of this type may be loaded
+- a list of _source expression_ values, meaning that resources of this type may be loaded if they match any of the given source expressions.
 
-`<source>` can be any one of the values listed in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources#sources).
+The syntax for each source expression is given in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources).
 
 ## Examples
 

files/en-us/web/http/headers/content-security-policy/media-src/index.md

@@ -33,16 +33,17 @@ media using the {{HTMLElement("audio")}} and {{HTMLElement("video")}} elements.
 
 ## Syntax
 
-One or more sources can be allowed for the `media-src` policy:
-
 ```http
-Content-Security-Policy: media-src <source>;
-Content-Security-Policy: media-src <source> <source>;
+Content-Security-Policy: media-src 'none';
+Content-Security-Policy: media-src <source-expression-list>;
 ```
 
-### Sources
+This directive may have either:
+
+- the single keyword value `'none'`, meaning that no resources of this type may be loaded
+- a list of _source expression_ values, meaning that resources of this type may be loaded if they match any of the given source expressions.
 
-`<source>` can be any one of the values listed in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources#sources).
+The syntax for each source expression is given in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources).
 
 ## Examples
 

files/en-us/web/http/headers/content-security-policy/object-src/index.md

@@ -40,16 +40,17 @@ The HTTP {{HTTPHeader("Content-Security-Policy")}}
 
 ## Syntax
 
-One or more sources can be allowed for the `object-src` policy:
-
 ```http
-Content-Security-Policy: object-src <source>;
-Content-Security-Policy: object-src <source> <source>;
+Content-Security-Policy: object-src 'none';
+Content-Security-Policy: object-src <source-expression-list>;
 ```
 
-### Sources
+This directive may have either:
+
+- the single keyword value `'none'`, meaning that no resources of this type may be loaded
+- a list of _source expression_ values, meaning that resources of this type may be loaded if they match any of the given source expressions.
 
-`<source>` can be any one of the values listed in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources#sources).
+The syntax for each source expression is given in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources).
 
 ## Examples
 

files/en-us/web/http/headers/content-security-policy/prefetch-src/index.md

@@ -36,16 +36,17 @@ be prefetched or prerendered.
 
 ## Syntax
 
-One or more sources can be allowed for the `prefetch-src` policy:
-
 ```http
-Content-Security-Policy: prefetch-src <source>;
-Content-Security-Policy: prefetch-src <source> <source>;
+Content-Security-Policy: prefetch-src 'none';
+Content-Security-Policy: prefetch-src <source-expression-list>;
 ```
 
-### Sources
+This directive may have either:
+
+- the single keyword value `'none'`, meaning that no resources of this type may be loaded
+- a list of _source expression_ values, meaning that resources of this type may be loaded if they match any of the given source expressions.
 
-`<source>` can be any one of the values listed in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources#sources).
+The syntax for each source expression is given in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources).
 
 ## Example
 

files/en-us/web/http/headers/content-security-policy/script-src-attr/index.md

@@ -35,24 +35,25 @@ It does not apply to other JavaScript sources that can trigger script execution,
 
 ## Syntax
 
-One or more sources can be allowed for the `script-src-attr` policy:
-
 ```http
-Content-Security-Policy: script-src-attr <source>;
-Content-Security-Policy: script-src-attr <source> <source>;
+Content-Security-Policy: script-src-attr 'none';
+Content-Security-Policy: script-src-attr <source-expression-list>;
 ```
 
+This directive may have either:
+
+- the single keyword value `'none'`, meaning that no resources of this type may be loaded
+- a list of _source expression_ values, meaning that resources of this type may be loaded if they match any of the given source expressions.
+
+The syntax for each source expression is given in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources).
+
 `script-src-attr` can be used in conjunction with {{CSP("script-src")}}, and will override that directive for checks on inline handlers:
 
 ```http
 Content-Security-Policy: script-src <source>;
 Content-Security-Policy: script-src-attr <source>;
 ```
 
-### Sources
-
-`<source>` can be any one of the values listed in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources#sources).
-
 ## Examples
 
 ### Violation case

files/en-us/web/http/headers/content-security-policy/script-src-elem/index.md

@@ -35,24 +35,25 @@ It does not apply to other JavaScript sources that can trigger script execution,
 
 ## Syntax
 
-One or more sources can be allowed for the `script-src-elem` policy:
-
 ```http
-Content-Security-Policy: script-src-elem <source>;
-Content-Security-Policy: script-src-elem <source> <source>;
+Content-Security-Policy: script-src-elem 'none';
+Content-Security-Policy: script-src-elem <source-expression-list>;
 ```
 
+This directive may have either:
+
+- the single keyword value `'none'`, meaning that no resources of this type may be loaded
+- a list of _source expression_ values, meaning that resources of this type may be loaded if they match any of the given source expressions.
+
+The syntax for each source expression is given in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources).
+
 `script-src-elem` can be used in conjunction with {{CSP("script-src")}}:
 
 ```http
 Content-Security-Policy: script-src <source>;
 Content-Security-Policy: script-src-elem <source>;
 ```
 
-### Sources
-
-`<source>` can be any one of the values listed in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources#sources).
-
 ## Examples
 
 ### Violation case

files/en-us/web/http/headers/content-security-policy/script-src/index.md

@@ -31,16 +31,17 @@ The HTTP {{HTTPHeader("Content-Security-Policy")}} (CSP) **`script-src`** direct
 
 ## Syntax
 
-One or more sources can be allowed for the `script-src` policy:
-
 ```http
-Content-Security-Policy: script-src <source>;
-Content-Security-Policy: script-src <source> <source>;
+Content-Security-Policy: script-src 'none';
+Content-Security-Policy: script-src <source-expression-list>;
 ```
 
-### Sources
+This directive may have either:
+
+- the single keyword value `'none'`, meaning that no resources of this type may be loaded
+- a list of _source expression_ values, meaning that resources of this type may be loaded if they match any of the given source expressions.
 
-`<source>` can be any one of the values listed in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources#sources).
+The syntax for each source expression is given in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources).
 
 ## Examples
 

files/en-us/web/http/headers/content-security-policy/style-src-attr/index.md

@@ -36,24 +36,25 @@ These are set using {{CSP("style-src-elem")}} (and valid sources for all styles
 
 ## Syntax
 
-One or more sources can be allowed for the `style-src-attr` policy:
-
 ```http
-Content-Security-Policy: style-src-attr <source>;
-Content-Security-Policy: style-src-attr <source> <source>;
+Content-Security-Policy: style-src-attr 'none';
+Content-Security-Policy: style-src-attr <source-expression-list>;
 ```
 
+This directive may have either:
+
+- the single keyword value `'none'`, meaning that no resources of this type may be loaded
+- a list of _source expression_ values, meaning that resources of this type may be loaded if they match any of the given source expressions.
+
+The syntax for each source expression is given in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources).
+
 `style-src-attr` can be used in conjunction with {{CSP("style-src")}}:
 
 ```http
 Content-Security-Policy: style-src <source>;
 Content-Security-Policy: style-src-attr <source>;
 ```
 
-### Sources
-
-`<source>` can be any one of the values listed in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources#sources).
-
 ## Examples
 
 ### Violation cases

files/en-us/web/http/headers/content-security-policy/style-src-elem/index.md

@@ -35,24 +35,25 @@ The directive does not set valid sources for inline style attributes; these are
 
 ## Syntax
 
-One or more sources can be allowed for the `style-src-elem` policy:
-
 ```http
-Content-Security-Policy: style-src-elem <source>;
-Content-Security-Policy: style-src-elem <source> <source>;
+Content-Security-Policy: style-src-elem 'none';
+Content-Security-Policy: style-src-elem <source-expression-list>;
 ```
 
+This directive may have either:
+
+- the single keyword value `'none'`, meaning that no resources of this type may be loaded
+- a list of _source expression_ values, meaning that resources of this type may be loaded if they match any of the given source expressions.
+
+The syntax for each source expression is given in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources).
+
 `style-src-elem` can be used in conjunction with {{CSP("style-src")}}:
 
 ```http
 Content-Security-Policy: style-src <source>;
 Content-Security-Policy: style-src-elem <source>;
 ```
 
-### Sources
-
-`<source>` can be any one of the values listed in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources#sources).
-
 ## Examples
 
 ### Violation cases