Content Security Policy

TODO: flesh this section out; see https://www.owasp.org/index.php/Content_Security_Policy

stuff stuff stuff