What is the use of Content Security Policy in Salesforce?

The Lightning Component framework uses the Content Security Policy (CSP) to impose restrictions on content. The main objective is to help prevent cross-site scripting (XSS) and other code injection attacks. CSP is a W3C standard that defines rules to control the source of content that can be loaded on a page.