Definition
A Content Protection Policy (CSP) is a security standard that provides an additional layer of protection from cross-site scripting (XSS), clickjacking, and other code injection attacks. It is a defensive measure against any attacks that rely on executing malicious content in a trusted web context, or other attempts to circumvent the same-origin policy.
With CSP, you can limit which data sources are allowed by a web application, by defining the appropriate CSP directive in the HTTP response header.