Content Security Policy (CSP)

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. CSP should be used as defense-in-depth. It reduces the harm that a malicious injection can cause, but it is not a replacement for input validation and output encoding for websites.
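
The two layers described above, as an added example that is not part of the original page: output encoding is the primary control, and a nonce-based policy is the backstop if encoding is ever missed. The function names, the sample page and the simplified browser-side nonce check are assumptions made for illustration.

```python
# Added example; names and the sample page are illustrative assumptions.
import html
import secrets
from html.parser import HTMLParser


def build_csp(nonce: str) -> str:
    """Strict policy: only scripts carrying this response's nonce may run."""
    return f"script-src 'nonce-{nonce}'; object-src 'none'; base-uri 'none'"


def render_page(comment: str, encode: bool = True):
    """Return (headers, body). encode=False simulates a forgotten encoding step."""
    nonce = secrets.token_urlsafe(16)  # fresh, unguessable value per response
    shown = html.escape(comment) if encode else comment
    body = (f'<script nonce="{nonce}">console.log("app")</script>'
            f"<p>{shown}</p>")
    return {"Content-Security-Policy": build_csp(nonce)}, body


class _ScriptNonces(HTMLParser):
    """Collect the nonce attribute (or None) of every <script> start tag."""

    def __init__(self):
        super().__init__()
        self.nonces = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.nonces.append(dict(attrs).get("nonce"))


def script_verdicts(headers, body):
    """Approximate the browser's nonce check: True means the script may run."""
    policy = headers["Content-Security-Policy"]
    parser = _ScriptNonces()
    parser.feed(body)
    return [n is not None and f"'nonce-{n}'" in policy for n in parser.nonces]


if __name__ == "__main__":
    payload = "<script>alert(1)</script>"  # constructed test input
    print(script_verdicts(*render_page(payload)))                # encoding holds
    print(script_verdicts(*render_page(payload, encode=False)))  # CSP is the backstop
```

With encoding in place the injected markup never becomes a script element; without it, the element exists but carries no valid nonce, so the policy tells the browser not to execute it.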

Mozilla Content Security Policy (CSP) Guide: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

Google CSP tips: https://developers.google.com/web/fundamentals/security/csp