Content Security Policy (CSP) is an effective, browser-based deterrent against cross-site scripting attacks. The goal of CSP is to mitigate content injection attacks against web applications directly within the browser. Despite this, the vast majority of websites do not deploy the standard, and the majority of those that do deploy it improperly. The researchers determined that a site's architectural features can influence whether it's possible to deploy CSP without making structural changes to the site in question. CSP deployment lags behind other, more narrowly focused security headers such as X-XSS and X-Frame-Options.
Source: https://threatpost.com/content-security-policy-mitigates-xss-breaks-websites/107270/

