What is Content-Security-Policy?
CSP is an HTTP header that helps you mitigate XSS risk by preventing resources from untrusted origins from loading. CSP comes with several directives, each of which governs one kind of load. For instance, img-src applies to images, script-src applies to scripts, connect-src applies to XHR, WebSocket and friends, and so on.
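The following is an added example, not code from the original article: it models how the kind of load selects a directive and how the requested URL is then checked against that directive's source list. It goes one step beyond the text by including the default-src fallback that applies when the specific directive is absent. The function names, the sample policy and the example origins are constructed for illustration, and only a subset of source expressions is handled.

```javascript
// Added example: directive lookup and source matching for a CSP header value.
// The three kinds of load named in the text and the directive that governs each.
const DIRECTIVE_FOR = { image: "img-src", script: "script-src", connect: "connect-src" };

// Constructed sample policy and page origin (assumptions, not from the article).
const SAMPLE_POLICY =
  "img-src 'self' https://img.example; script-src 'self'; connect-src https://api.example";
const SELF_ORIGIN = "https://app.example";

// Turn a header value into Map(directive -> [source expressions]).
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored; the first occurrence wins.
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

// A source scheme matches itself; "http" also matches the secure upgrade "https".
const schemeOk = (want, got) => got === want || (want === "http:" && got === "https:");

// Handles 'self', *, scheme-only sources and [scheme://]host[:port] with *. wildcards.
function sourceMatches(source, url, selfOrigin) {
  const s = source.toLowerCase();
  if (s === "'self'") return url.origin === selfOrigin;
  if (s === "*") return ["http:", "https:"].includes(url.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return schemeOk(s, url.protocol);
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)(?::(\d+))?$/);
  if (!m) return false; // 'none', nonces, hashes and other keywords match no URL here
  const [, scheme, wildcard, host, port] = m;
  const want = scheme ? scheme + ":" : new URL(selfOrigin).protocol;
  const defaultPort = url.protocol === "https:" ? "443" : "80";
  if (!schemeOk(want, url.protocol)) return false;
  if ((port || defaultPort) !== (url.port || defaultPort)) return false;
  return wildcard ? url.hostname.endsWith("." + host) : url.hostname === host;
}

// Decide whether a load of the given kind is permitted by the policy.
function isAllowed(policy, kind, rawUrl, selfOrigin) {
  // default-src is the fallback when the specific directive is not in the policy.
  const sources = policy.get(DIRECTIVE_FOR[kind]) ?? policy.get("default-src");
  if (sources === undefined) return true; // no governing directive: not restricted
  const url = new URL(rawUrl);
  return sources.some((src) => sourceMatches(src, url, selfOrigin));
}
```

With the sample policy, the same origin can be allowed for one kind of load and blocked for another: https://img.example is permitted for images but not for scripts.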
For the detailed article click here