CSP is an HTTP header that restricts resources like scripts, images, and styles to specific sources, preventing attacks such as Cross-Site Scripting (XSS) by controlling which resources can be loaded.
Example:
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; img-src https://example.com">