Content-Security-Policy response header to mitigate JavaScript Library with Known Vulnerability

Hi Experts,

We have a vulnerability reported on one of our hosted application

150162 Use of JavaScript Library with Known Vulnerability. Application team cannot remediate this due to some limitation on their end and want to solve this by using CSP on F5

Need your support if we can achieve this using LTM policies or irules

Remediation from OEM:

Enable Content-Security-Policy response header for MPP with the following directives to mitigate XSS. 

Content-Security-Policy: default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; frame-ancestors 'self'; form-action 'self';