Content Security Policy is a header that allows you, the developer or security engineer, to define where web applications can load content from.
By defining a strict policy, you can completely* mitigate attacks such as cross-site scripting.
* Well, not completely: scriptless DOM-based injections will still work, but it really does make a lot of things a lot better. We promise.
If you already love CSP, this site can help you get up and running with it quickly.
How To Use This Site
Ready to test out your own policy?
References, tools, and case studies.