Content Security Policy (CSP)

Published: August 8, 2019

A Content Security Policy tells the browser which domains your website is allowed to load files from, which prevents it from downloading files from untrusted domains.

I heard about it from Troy Hunt here.

You want to add something like this to your head tag in the HTML file.

  <meta http-equiv="Content-Security-Policy" content="default-src 'self'; img-src 'self' https://*; style-src 'self'; font-src 'self';">

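If an attacker has managed to get, let's say, a script tag into the page loaded in your browser, this would stop that script from running. The policy has no script-src, so scripts fall back to default-src 'self', which blocks inline scripts and scripts from other domains.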
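To see what the policy above lets through, here is a simplified source-matching check in JavaScript (an added example, not code from the original post). The function names and the `https://example.test` origin are assumptions, and the matching ignores nonces, hashes, ports and paths.

```javascript
// Added example: simplified CSP matching, not the browser's full algorithm.
const POLICY = "default-src 'self'; img-src 'self' https://*; style-src 'self'; font-src 'self';";
const PAGE_ORIGIN = 'https://example.test'; // constructed origin that 'self' resolves to

// Split the policy string into a Map of directive name -> source list.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !directives.has(key)) directives.set(key, sources); // first occurrence wins
  }
  return directives;
}

// Does one source expression match the URL being loaded?
function sourceMatches(source, url, pageOrigin) {
  if (source === "'self'") return url.origin === pageOrigin;
  if (source.startsWith("'")) return false; // 'none', 'unsafe-inline' etc. never match a URL
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/i.exec(source);
  if (!m) return false;
  const [, scheme, host] = m;
  if (scheme && url.protocol !== scheme.toLowerCase() + ':') return false;
  if (host === '*') return true; // e.g. https://* matches any host over https
  if (host.startsWith('*.')) return url.hostname.endsWith(host.slice(1));
  return url.hostname === host.toLowerCase(); // schemeless hosts: host-only match (simplified)
}

// Would the policy let the page load `resource` under a fetch directive?
// resource === null stands for inline code such as an injected <script>...</script>.
function allows(policy, directive, resource, pageOrigin) {
  const directives = parsePolicy(policy);
  const sources = directives.get(directive) ?? directives.get('default-src');
  if (sources === undefined) return true; // nothing governs this resource type
  if (resource === null) return sources.includes("'unsafe-inline'");
  const url = new URL(resource, pageOrigin);
  return sources.some((s) => sourceMatches(s, url, pageOrigin));
}
```

With this policy, images load from any https host while scripts, styles and fonts are limited to the site's own origin.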

For more information see this page.