What is happening when I have two CSP (Content Security Policies) policies - header & meta?

security browser web content-security-policy

If you have CSP directives specified both in a Content-Security-Policy HTTP header and in a meta element, the browser uses the most-restrictive CSP directives, wherever specified.

See the details on multiple polices at https://w3c.github.io/webappsec-csp/#multiple-policies and details on using the meta element at https://w3c.github.io/webappsec-csp/#meta-element:

A policy specified via a meta element will be enforced along with any other policies active for the protected resource, regardless of where they’re specified. The general impact of enforcing multiple policies is described in §8.1 The effect of multiple policies.

8.1. The effect of multiple policies

The impact is that adding additional policies to the list of policies to enforce can only further restrict the capabilities of the protected resource.

Related

no match for ‘operator<<’ in ‘std::operator
Using CMake with multiple compilers for the same language
Can't print to pdf ggplot charts [duplicate]
How to disable 'This type of file can harm your computer' pop up
JavaScript keypress event not raised on Android browser
How to enable diagnostic verbosity for Cake
Altering the primary key in Rails to be a string
Oracle Equivalent to MySQL INSERT IGNORE?
AJAX request to local file system not working in Chrome? [duplicate]
UTL_FILE.FOPEN() procedure not accepting path for directory?
how to get a client's MAC address from HttpServlet?
Comma separated values in MySQL "IN" clause