http - Content security policy not working -

i adding response header header:

x-content-security-policy default-src 'none';

i expect no css or images loaded on page, loaded. doing wrong?

for chrome , newer (v. 23 , newer) versions of firefox:

content-security-policy: default-src 'none' 

for safari:

x-webkit-csp: default-src 'none' 

for older versions of firefox (v. 23 , older):

x-content-security-policy: default-src 'none' 

sorry - ie, sandbox policy recognized, , in ie 10 , newer.