Content Security Policy
Also known as: csp
A header that limits which scripts, styles and other resources a page is allowed to load.
Content Security Policy lets a site declare a whitelist: scripts may come from these origins, images from those, inline scripts are forbidden, and so on. The browser enforces the rules and reports violations.
CSP is one of the strongest defences against cross-site scripting (XSS) and third-party script injection, but it's tricky to author without breaking legitimate features. Weak CSPs (unsafe-inline, wildcard hosts) provide little protection.
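The following is an added example, not part of the original glossary entry: a small auditor that parses a Content-Security-Policy header value and reports the weaknesses the entry warns about (scripts allowed from 'unsafe-inline' without a nonce or hash, wildcard hosts in script-src) plus two standard hardening checks (no 'unsafe-eval', object-src locked to 'none'). The policy strings used in the comments and test are constructed for illustration and do not come from any real site.

```javascript
// Added example: audit a Content-Security-Policy header value for weak settings.
// Policies in comments are constructed; the helper names are this example's own.

// Parse "directive value value; directive value" into { directive: [values] }.
function parseCsp(header) {
  const policy = {};
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...values] = tokens;
    policy[name.toLowerCase()] = values;
  }
  return policy;
}

// Source expressions that let scripts load from effectively any host.
const WILDCARD_SOURCES = new Set(['*', 'http:', 'https:', 'http://*', 'https://*']);

// True when the source list carries a nonce or hash source expression.
function hasNonceOrHash(sources) {
  return sources.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
}

// Returns human-readable findings; an empty array means none of the
// checked weaknesses is present. Example:
//   auditCsp("script-src 'self' 'unsafe-inline' https:; object-src 'none'")
//   -> two findings ('unsafe-inline' without nonce/hash, wildcard "https:")
function auditCsp(header) {
  const policy = parseCsp(header);
  const findings = [];

  // script-src falls back to default-src when it is absent.
  const scriptSrc = policy['script-src'] ?? policy['default-src'];
  if (!scriptSrc) {
    findings.push('no script-src or default-src: scripts may load from any origin');
    return findings;
  }

  // Browsers that understand nonces/hashes ignore 'unsafe-inline' when one is
  // present, so it only weakens the policy when it is the sole inline allowance.
  if (scriptSrc.includes("'unsafe-inline'") && !hasNonceOrHash(scriptSrc)) {
    findings.push("script-src allows 'unsafe-inline': injected inline scripts run");
  }
  if (scriptSrc.includes("'unsafe-eval'")) {
    findings.push("script-src allows 'unsafe-eval': string-to-code evaluation permitted");
  }
  for (const src of scriptSrc) {
    if (WILDCARD_SOURCES.has(src.toLowerCase())) {
      findings.push(`script-src contains wildcard source ${src}: any matching host may serve scripts`);
    }
  }

  // object-src should be 'none' so plugin content cannot sidestep script rules.
  const objectSrc = policy['object-src'] ?? policy['default-src'];
  if (!objectSrc || !objectSrc.includes("'none'")) {
    findings.push("object-src is not 'none': plugin content may be loaded");
  }
  return findings;
}
```

Run `auditCsp` against the value of a response's Content-Security-Policy header; a policy such as `default-src 'self'; script-src 'self' 'nonce-...'; object-src 'none'` yields no findings, while one relying on 'unsafe-inline' or a bare `https:` source is reported. The nonce check matters because a policy that lists both 'unsafe-inline' and a nonce is treated by modern browsers as nonce-only, so flagging it would be a false positive.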
