Answer
Content Security Policy, or CSP, tells the browser which content sources are trusted.
• It can block unexpected scripts, styles, frames, and images.
• It helps reduce damage from code injection.
• It is usually sent as an HTTP response header.
💡 Simple Example
Content-Security-Policy: script-src 'self'
⚡ Quick Revision
CSP limits where page resources are allowed to come from.