It would be good to have a security section for ideas like this.
There is already a clear approach for using content-security-policy headers here, but as it's a code change it would take code releases to modify.
This idea is for a page in Zed to manage the CSP headers. This would improve the visibility of these settings and allow instant changes by non-developers. The downside is you might not want all Zed users to have access to this page but that could be managed via the Zed ACL controls.