Http content security policy
From wikinotes
The Content-Security-Policy (CSP) is configured by the server in HTTP responses in the header Content-Security-Policy
It controls what resources a client is allowed to load from (ex: javascript, css, ...).
Entry values are space-separated, and new keys are separated by ;
s.
Documentation
MDN https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
Examples
Content-Security-Policy: connect-src http://example.com/; script-src http://example.com/; font-src http://example.com/