CSP is a web security policy that helps prevent Cross-Site Scripting (XSS) and other code injection attacks.
It defines approved sources of content—such as scripts, styles, and images—that the browser is allowed to load.
By restricting resources to trusted origins only, CSP prevents the browser from executing malicious injected content.