Content Security Policy (CSP)

Published: August 8, 2019

Content Security Policy is a response header (or a meta tag) that tells the browser which origins it may load scripts, styles, images, fonts and other resources from, and whether inline scripts are allowed to run. It limits what an injected script or tag can do; it does not stop the injection itself.

I heard about it from Troy Hunt here.

You can deliver the policy as an HTTP response header (`Content-Security-Policy: ...`), or, if you cannot change headers, as a meta tag placed as early as possible in the head of the HTML file, before anything else is loaded. The header is preferable where you control the server: `frame-ancestors`, `report-uri` and `sandbox` are ignored when the policy comes from a meta tag. The meta form looks like this:

```html
<meta
  http-equiv="Content-Security-Policy"
  content="default-src 'self' https://www.googletagmanager.com; img-src 'self' https://*; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com;"
/>
```

If an attacker manages to inject, say, a `<script>` tag into your page (through a cross-site scripting bug, for example), this policy stops it from running. There is no `script-src`, so scripts fall back to `default-src`: an inline script is blocked because `'unsafe-inline'` is not listed, and an external script is refused unless it comes from your own origin or `www.googletagmanager.com`. Two caveats: the same rule blocks your own inline scripts, so legitimate ones need a nonce or hash (Google Tag Manager's loader snippet, for instance, is inline), and `img-src https://*` lets an injected `<img>` request any HTTPS host, which can be used to leak data in the URL, so tighten it if you can. CSP is a second line of defence; it limits the damage of an injection but does not fix the bug that allowed it.
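To make the fallback and inline rules concrete, here is a small CSP evaluator, added for this page and not part of the original post or of any browser's code. It parses a policy string the way a browser does (first occurrence of a directive wins, missing fetch directives fall back to `default-src`) and decides whether a given request or inline script would be allowed. The page origin `https://example.com` and the request URLs in the demo are made up; hashes, `'strict-dynamic'` and report-only mode are left out.

```javascript
// Teaching model of CSP3 source matching for fetch directives (added example).
// The page origin and the URLs in the demo at the bottom are made up.

const DEFAULT_PORT = { 'http:': '80', 'https:': '443', 'ws:': '80', 'wss:': '443' };

// Fetch directives that fall back to default-src when they are not listed.
const FALLS_BACK = new Set(['script-src', 'style-src', 'img-src', 'font-src',
  'connect-src', 'media-src', 'object-src', 'frame-src']);

// Parse "a b c; d e" into { a: ['b', 'c'], d: ['e'] }. Per the spec the first
// occurrence of a directive wins and later duplicates are ignored.
function parsePolicy(policy) {
  const directives = {};
  for (const chunk of policy.split(';')) {
    const tokens = chunk.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!(name in directives)) directives[name] = tokens.slice(1);
  }
  return directives;
}

// Source list governing `directive`, or null when the policy says nothing about it.
function effectiveSources(directives, directive) {
  if (directive in directives) return directives[directive];
  if (FALLS_BACK.has(directive) && 'default-src' in directives) return directives['default-src'];
  return null;
}

// Scheme-part match: "http" also covers https, "ws" also covers wss.
function schemeMatches(exprScheme, urlScheme) {
  return exprScheme === urlScheme ||
    (exprScheme === 'http' && urlScheme === 'https') ||
    (exprScheme === 'ws' && urlScheme === 'wss');
}

// Does one source expression ('self', https:, https://*, *.example.com:8443/path ...) match a URL?
function sourceMatches(expr, url, pageOrigin) {
  const page = new URL(pageOrigin);
  if (expr === "'self'") return url.origin === page.origin;
  if (expr.startsWith("'")) return false;          // 'none', 'unsafe-inline', nonces, hashes never match a URL
  if (expr === '*') return !['data:', 'blob:', 'filesystem:'].includes(url.protocol);
  const schemeOnly = /^([a-z][a-z0-9+.-]*):$/i.exec(expr);   // scheme-source such as "https:"
  if (schemeOnly) return schemeMatches(schemeOnly[1].toLowerCase(), url.protocol.slice(0, -1));
  // host-source: [scheme://] host [:port] [/path]
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*|(?:\*\.)?[^\/:*]+)(?::(\d+|\*))?(\/\S*)?$/i.exec(expr);
  if (!m) return false;
  const [, scheme, host, port, path] = m;
  const exprScheme = (scheme || page.protocol.slice(0, -1)).toLowerCase();
  if (!schemeMatches(exprScheme, url.protocol.slice(0, -1))) return false;
  const h = host.toLowerCase(), uh = url.hostname.toLowerCase();
  if (h === '*') { /* any host */ }
  else if (h.startsWith('*.')) { if (!uh.endsWith(h.slice(1))) return false; } // *.a.com excludes a.com itself
  else if (h !== uh) return false;
  const urlPort = url.port || DEFAULT_PORT[url.protocol] || '';
  if (port === '*') { /* any port */ }
  else if (port) { if (port !== urlPort) return false; }
  else if (urlPort !== (DEFAULT_PORT[url.protocol] || '')) return false;     // no port given: default only
  if (path) {
    if (path.endsWith('/')) { if (!url.pathname.startsWith(path)) return false; }
    else if (url.pathname !== path) return false;
  }
  return true;
}

// Would a request for `url` under `directive` (e.g. 'script-src') be allowed?
function allowsFetch(policy, directive, url, pageOrigin) {
  const sources = effectiveSources(parsePolicy(policy), directive);
  if (sources === null) return true;               // nothing restricts this directive
  const target = new URL(url);
  return sources.some(src => sourceMatches(src, target, pageOrigin));
}

// Would an inline <script> (optionally carrying nonce="...") run?
function allowsInlineScript(policy, nonce) {
  const sources = effectiveSources(parsePolicy(policy), 'script-src');
  if (sources === null) return true;
  if (nonce && sources.includes(`'nonce-${nonce}'`)) return true;
  const hasNonceOrHash = sources.some(s => /^'(nonce|sha256|sha384|sha512)-/.test(s));
  return sources.includes("'unsafe-inline'") && !hasNonceOrHash; // 'unsafe-inline' is ignored once a nonce/hash is present
}

// Demo: the policy from the post, for a page served from the made-up origin https://example.com.
const POLICY = "default-src 'self' https://www.googletagmanager.com; " +
  "img-src 'self' https://*; style-src 'self' https://fonts.googleapis.com; " +
  "font-src 'self' https://fonts.gstatic.com;";
const PAGE = 'https://example.com';

for (const [directive, url] of [
  ['script-src', 'https://www.googletagmanager.com/gtm.js'],  // allowed via default-src
  ['script-src', 'https://attacker.invalid/payload.js'],     // blocked
  ['img-src', 'http://cdn.invalid/logo.png'],                 // blocked: https://* is https only
  ['style-src', 'https://www.googletagmanager.com/x.css'],    // blocked: style-src does not fall back
]) {
  console.log(directive, url, allowsFetch(POLICY, directive, url, PAGE) ? 'allowed' : 'blocked');
}
console.log('inline <script> under this policy:', allowsInlineScript(POLICY) ? 'runs' : 'blocked');
```

Running it shows the two points that matter in practice: a directive you leave out is governed by `default-src` (so `script-src` and `connect-src` are locked down here even though they are never named), while a directive you do list, such as `style-src`, gets no fallback at all. A policy with no `default-src` and no `script-src` leaves scripts completely unrestricted, which is the most common way a policy ends up weaker than it looks.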

For more information see this page.