What is Content Security Policy (CSP), and how does it enhance security?

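CSP is an HTTP response header that restricts where resources such as scripts, images, and styles may be loaded from. By controlling which sources the browser will accept, it helps prevent attacks such as Cross-Site Scripting (XSS).

Example (the policy is delivered here through a <meta> tag in the page instead of the HTTP header):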

<meta http-equiv="Content-Security-Policy" content="default-src 'self'; img-src https://example.com">
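To see what the policy above permits, the following added example (not part of the original page) models how a browser picks the governing directive and matches a resource against it. It is a simplified sketch: the page URL https://shop.test/cart and the resource URLs are constructed, and only 'self', 'none', scheme sources and scheme-plus-host sources are handled.

```javascript
// Simplified model of CSP source matching. Not a full CSP implementation:
// nonces, hashes, wildcards, paths and inline-script rules are not modelled.
const POLICY = "default-src 'self'; img-src https://example.com"; // from the page
const PAGE = 'https://shop.test/cart'; // constructed page URL (assumption)

function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored; the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

function isAllowed(policy, directive, resourceUrl, pageUrl) {
  const directives = parsePolicy(policy);
  // Fetch directives (script-src, img-src, ...) fall back to default-src
  // only when they are absent; a present directive replaces it entirely.
  const sources = directives.get(directive) ?? directives.get('default-src');
  if (sources === undefined) return true; // nothing restricts this type
  const resource = new URL(resourceUrl, pageUrl);
  const page = new URL(pageUrl);
  return sources.some((src) => {
    const s = src.toLowerCase();
    if (s === "'none'") return false;
    if (s === "'self'") return resource.origin === page.origin;
    if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return resource.protocol === s;
    try {
      return new URL(s).origin === resource.origin; // e.g. https://example.com
    } catch {
      return false; // source forms not modelled here never match
    }
  });
}

function demo() {
  return {
    ownScript: isAllowed(POLICY, 'script-src', '/app.js', PAGE),
    thirdPartyScript: isAllowed(POLICY, 'script-src', 'https://cdn.test/lib.js', PAGE),
    exampleComImage: isAllowed(POLICY, 'img-src', 'https://example.com/logo.png', PAGE),
    ownImage: isAllowed(POLICY, 'img-src', '/banner.png', PAGE),
  };
}
console.log(demo());
```

The last result is the one to notice: because img-src is set explicitly, it replaces default-src for images, so the page's own images are blocked unless 'self' is also listed in img-src.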