Content Security Policy, or CSP, is a browser security control that restricts what a page can execute or load. A strong CSP can block inline scripts, limit approved domains for JavaScript, images, fonts, and network requests, and reduce the chance that injected content turns into code execution.
In cyber security, CSP matters because many attacks begin with a small HTML or script injection and then try to pull malicious code from an external server. If the policy is strict, the browser may refuse those loads and stop the attack chain. CSP is especially important in embedded browser surfaces such as editor webviews, admin consoles, and other app panels where trusted application code and web content meet. Defenders use CSP alongside input sanitization, sandboxing, and careful message handling to shrink the impact of cross-site scripting, content injection, and token theft attempts.