Content-Security-Policy response header allows web site administrators to control resources the user agent is allowed to load for a given page. With a few exceptions, policies mostly involve specifying server origins and script endpoints. This helps guard against cross-site scripting attacks (Cross-site_scripting).
For more information, see the introductory article on Content Security Policy (CSP).
|Header type||Response header|
|Forbidden header name||no|