A CSP (Content Security Policy) defines which external or internal content is allowed in your website. It is given as a single, often long, string in the Content-Security-Policy HTTP header.
A primary goal of CSP is to mitigate and report XSS attacks. XSS attacks exploit the browser’s trust of the content received from the server. Malicious scripts are executed by the victim’s browser because the browser trusts the source of the content, even when it’s not coming from where it seems to be coming from. (Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP)