HTML Guide

Content-Security-Policy HTTP header: Bad content security policy

content security policy
headers
CSP
XSS

The HTTP Content-Security-Policy response header allows web site administrators to control resources the user agent is allowed to load for a given page. With a few exceptions, policies mostly involve specifying server origins and script endpoints. This helps guard against cross-site scripting attacks.

Learn more:

MDN: Content Security Policy (CSP)
MDN: Content-Security-Policy response header
MDN: Cross-site scripting (XSS)