Content-Security-Policy is a HTTP Response Header
defines allows web site administrators to control resources
is allowed to load for a given page.
With a few exceptions, the Policy mostly involve specifying server origins and script endpoints. This helps guard against Cross-site scripting attacks (XSS).
There might be more information for this subject on one of the following: