Definition

Content Security Policy (CSP) is an HTTP response header, sent by a web server with the pages it serves, that specifies the origins from which scripts and other assets are allowed to be loaded.

The primary use case for CSP is to control which resources, in particular JavaScript resources, a document is allowed to load. This is mainly used as a defense against cross-site scripting (XSS) attacks, in which an attacker is able to inject malicious code into the victim’s site.

credit: MDN
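
The check described above, as an added example (not from MDN or from this page's author): a simplified evaluator that decides whether a script URL may load under a given policy, including the fallback from `script-src` to `default-src`. The function names, the sample policy and the `example.*` hosts are constructed for illustration; nonces, hashes, `'strict-dynamic'`, paths and ports are not handled.

```javascript
// Added example: simplified CSP source matching for script loads.
// Not handled: nonces, hashes, 'strict-dynamic', paths and ports in host-sources.

// Parse a policy string into Map(directive name -> list of source expressions).
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored; the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// A source scheme matches the URL scheme exactly, or http is upgraded to https.
function schemeOk(sourceProto, urlProto) {
  return sourceProto === urlProto || (sourceProto === 'http:' && urlProto === 'https:');
}

// Does one source expression match the resource URL?
function sourceMatches(source, url, pageOrigin) {
  const s = source.toLowerCase();
  if (s === "'self'") return url.origin === pageOrigin;
  if (s.startsWith("'")) return false; // 'none' and unsupported keywords match no URL
  if (s === '*') return url.protocol === 'http:' || url.protocol === 'https:';
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return schemeOk(s, url.protocol); // e.g. https:
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/.exec(s);
  if (!m) return false;
  // A host-source without a scheme takes the scheme of the protected page.
  const proto = m[1] ? m[1] + ':' : new URL(pageOrigin).protocol;
  if (!schemeOk(proto, url.protocol)) return false;
  const host = m[2];
  if (host.startsWith('*.')) return url.hostname.endsWith(host.slice(1));
  return url.hostname === host;
}

// May a script at resourceUrl load on a page served from pageOrigin?
function scriptAllowed(policy, resourceUrl, pageOrigin) {
  const directives = parseCsp(policy);
  // script-src falls back to default-src; with neither, scripts are unrestricted.
  const sources = directives.get('script-src') ?? directives.get('default-src');
  if (sources === undefined) return true;
  const url = new URL(resourceUrl);
  return sources.some((src) => sourceMatches(src, url, pageOrigin));
}
```

A script injected through XSS that points at an origin outside the list is refused by the same logic that admits the site's own bundle, which is why the source list should name only origins the site actually loads code from.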