The directive 'plugin-types' allows developer to restrict which types of plugin can be loaded via <embed> or <object> html elements. The main point was to allow developer to block Flash in their pages. But Flash support has been discontinued, so there is not much point in this anymore.
The CSP directive 'plugin-types' allows web developers to restrict which plugins a page can load via the html elements <embed> and <object>. The main goal was to allow developers to disable Flash. Since Flash support has been discontinued, this is not needed anymore. See also the discussion in https://github.com/w3c/webappsec-csp/issues/394
Explainers: https://github.com/w3c/webappsec-csp/issues/394