CSP Meta Audit should test if value is valid

[jbmoelker]

Also are multiple <meta name="Content-Security-Policy" value="..."> tags supported?

[jbmoelker]

Should CSP meta be considered a good practice or avoided?

CSPs preferred delivery mechanism is an HTTP header. -- Google Web Fundamentals

If should be avoided, that's the advice we should give. Also we could link the helpText directly to the meta tag section.