Content security policy headers teams migration to cloud domain

With this new migration of Microsoft cloud services to i.e. MS teams to teams[dot]cloud[dot]microsoft  , I have a question for simple tab apps built on react for teams , our app is launched directly from the URL we have given in the manifest JSON file , so where do we put the CSP(content security protocol) headers , or , are they at all required for such use cases similar to ours ?

Microsoft Teams