Create a Content-Security Policy

A CSP or Content-Security-Policy is a definition of what kind of external or internal content is allowed in your website. It is given as a long string in a HTTP header.

A primary goal of CSP is to mitigate and report XSS attacks. XSS attacks exploit the browser’s trust of the content received from the server. Malicious scripts are executed by the victim’s browser because the browser trusts the source of the content, even when it’s not coming from where it seems to be coming from.

https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

The CSP creator tool on toolstud.io helps you create a CSP for some common external services: Google Analytics, Google Fonts, Bootswatch, Stripe, Jquery and a list of common Javascript CDN (Content Delivery Network) services.