Protecting Website with CSP

CSP : Content Security Policy

When your website starts serving to the world, it becomes a potential target for hackers. You might want to allow URLs only from your website to prevent cross-site attacks.

Modern browsers allow websites to announce a header called “Content-Security-Policy” (CSP). You can specify which sites are allowed in this header, and browsers will block resources from any sites not in your CSP, treating them as cross-site attacks.