Content Security Policy (usually abbreviated as CSP) is a way for web pages to restrict the sites allowed to include content within the page. It also can restrict whether inline scripts are allowed to run and whether inline styles/css are allowed. Chrome shipped support for the CSP 1.0 spec using the unprefixed header in Chrome 25 last February. The CSP header will work for Firefox, Chrome, IE 10 (sandbox only) and any other browsers that implement the spec. The header has been unprefixed instead of X-Content-Security-Policy.”]
Source: https://blog.mozilla.org/security/2013/06/11/content-security-policy-1-0-lands-in-firefox/