Content Security Policy (a.k.a. CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks.
To enable this extra layer on your website, configure your web server to return the Content-Security-Policy HTTP header on every response that serves a page.
Configuring Content Security Policy means adding the Content-Security-Policy HTTP header to a web page and giving it a list of directives that control which resources the user agent is allowed to load for that page. Each directive names a resource type (for example script-src, style-src or img-src) followed by the sources permitted for it; resource types that have no directive of their own fall back to default-src. The policy can also be delivered in a <meta http-equiv="Content-Security-Policy"> tag, but the header is preferred because some directives (frame-ancestors, report-uri and sandbox) are ignored in the meta form.
For example, a page that uploads and displays images could allow images from anywhere (img-src *) but restrict where its upload form may submit to a single endpoint (form-action). Note that form-action does not fall back to default-src, so it must be set explicitly.
Another example is to allow styles only from specific, trusted sources. If your website uses the popular CSS framework Bootstrap loaded from the Bootstrap CDN, the CDN origin must be listed in the style-src directive, otherwise the browser refuses to apply the stylesheet. The integrity attribute on the link tag (Subresource Integrity) is a complementary check, not a substitute: CSP decides whether the origin may be loaded from at all, and SRI verifies that the file fetched from it is byte-for-byte the expected one.
<link href="https://firstname.lastname@example.org/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-F3w7mX95PdgyTmZZMECAngseQB83DfGTowi0iMjiWaeVhAn4FJkqJByhZMI3AhiU" crossorigin="anonymous">
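The following is an added example and not code from the original page. It builds the header value for the two scenarios above (images from anywhere, a single form-action endpoint, styles from the site itself and a CDN), parses it back, and then decides whether a given URL would be allowed the way a user agent does: matching source expressions ('self', *, scheme, host with optional wildcard, port and path) and falling back to default-src for the directives that have one. The CDN host https://cdn.jsdelivr.net, the page origin https://myapp.example and the endpoint https://example.com/upload are assumptions chosen for illustration.

```javascript
// Added example, not code from the original page: build a
// Content-Security-Policy header value from a directive map, parse it back,
// and decide whether a resource URL would be allowed, following the user
// agent's source-expression matching and the fallback to default-src.
// The CDN host https://cdn.jsdelivr.net, the page origin https://myapp.example
// and the endpoint https://example.com/upload are assumptions for illustration.

const policy = {
  "default-src": ["'self'"],                           // anything not listed below: same origin only
  "img-src": ["*"],                                    // images may be loaded from any host
  "style-src": ["'self'", "https://cdn.jsdelivr.net"], // own stylesheets plus the assumed CDN host
  "form-action": ["https://example.com/upload"],       // forms may submit only to this assumed endpoint
};

// Directives that do not fall back to default-src when they are absent.
const NO_FALLBACK = new Set([
  "form-action", "frame-ancestors", "base-uri", "sandbox", "report-uri", "report-to",
]);

const DEFAULT_PORT = { "http:": "80", "https:": "443", "ws:": "80", "wss:": "443" };

// Serialise the map into the header value: "directive src src; directive src".
function serializePolicy(p) {
  return Object.entries(p)
    .map(([directive, sources]) => `${directive} ${sources.join(" ")}`)
    .join("; ");
}

// Parse a header value back into a map. A directive that appears twice is
// ignored the second time, as user agents do.
function parsePolicy(headerValue) {
  const p = {};
  for (const part of headerValue.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    const directive = name.toLowerCase();
    if (!Object.prototype.hasOwnProperty.call(p, directive)) p[directive] = sources;
  }
  return p;
}

// "http" in the policy also covers "https" (and "ws" covers "wss").
function schemeMatches(expected, actual) {
  return expected === actual ||
    (expected === "http" && actual === "https") ||
    (expected === "ws" && actual === "wss");
}

// [scheme://]host[:port][/path]; host may be "*" or start with "*."
const HOST_SOURCE =
  /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*|(?:\*\.)?[a-z0-9-]+(?:\.[a-z0-9-]+)*)(?::(\d+|\*))?(\/[^\s?#]*)?$/i;

// Does one source expression permit `url` for a page served from `pageOrigin`?
function sourceMatches(expr, url, pageOrigin) {
  const urlScheme = url.protocol.slice(0, -1);
  if (expr === "'none'") return false;
  if (expr === "'self'") return url.origin === pageOrigin;
  if (expr === "*") return !["data:", "blob:", "filesystem:"].includes(url.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/i.test(expr)) {            // scheme-source such as "https:"
    return schemeMatches(expr.slice(0, -1).toLowerCase(), urlScheme);
  }
  const m = HOST_SOURCE.exec(expr);
  if (!m) return false;                                // keywords, nonces and hashes never match a URL
  const [, scheme, host, port, path] = m;

  // Without an explicit scheme, the page's own scheme is required.
  const wantScheme = (scheme || new URL(pageOrigin).protocol.slice(0, -1)).toLowerCase();
  if (!schemeMatches(wantScheme, urlScheme)) return false;

  const h = host.toLowerCase();
  const urlHost = url.hostname.toLowerCase();
  if (h.startsWith("*.")) {
    if (!urlHost.endsWith(h.slice(1))) return false;   // "*.example" matches only subdomains
  } else if (h !== "*" && h !== urlHost) {
    return false;
  }

  const urlPort = url.port || DEFAULT_PORT[url.protocol] || "";
  if (port === undefined) {
    if (url.port !== "") return false;                 // no port given: only the scheme's default port
  } else if (port !== "*" && port !== urlPort) {
    return false;
  }

  if (path) {
    if (path.endsWith("/")) {
      if (!url.pathname.startsWith(path)) return false; // directory prefix
    } else if (url.pathname !== path) {
      return false;                                     // exact file
    }
  }
  return true;
}

// Would the user agent allow `resource` under `directive` for this page?
function isAllowed(p, directive, resource, pageOrigin) {
  const url = new URL(resource);
  let sources = p[directive];
  if (sources === undefined && !NO_FALLBACK.has(directive)) sources = p["default-src"];
  if (sources === undefined) return true;              // nothing restricts this directive
  return sources.some((expr) => sourceMatches(expr, url, pageOrigin));
}

console.log(`Content-Security-Policy: ${serializePolicy(policy)}`);
```

Run it with node; the printed line is the exact header value the server would send. Two things worth noticing when experimenting with isAllowed: a script from the CDN is refused even though styles from it are allowed, because script-src is absent and falls back to default-src 'self'; and under this policy any inline style="..." attribute in the page is blocked as well, since neither 'unsafe-inline' nor a hash is present in style-src.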
You can read more information about CSP here.