Content Security Policy is a mechanism designed to make applications more secure against common web vulnerabilities, particularly cross-site scripting. It is enabled by setting the Content-Security-Policy HTTP response header. The core functionality of CSP can be divided into three areas: Requiring that all scripts are safe and trusted by the application owner (ideally by making sure they match an