Imported from bugzilla.wikimedia.org (original author: seather).
- Reduce Cross Site Scripting (XSS) and data injection attacks.
- Avoid accidental loading of images, fonts, styles or other resources from third-party domains.
Enabling CSP is as easy as configuring the web server to return the Content-Security-Policy HTTP header; the same policy can first be served as Content-Security-Policy-Report-Only so that the browser reports what it would block without blocking anything.
Other products jumping on the bandwagon:
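As an added example of what "returning the header" involves in practice (this is illustrative code, not MediaWiki's or Wikimedia's CSP implementation), the following builds a nonce-based policy, emits it either as the enforcing header or as the Report-Only header used during rollout, and audits a constructed list of page resources to show which ones the policy would report or block: the nonce-less inline script and the third-party image and font. The site origin, the `/csp-report` endpoint and the sample resource list are assumptions made for the example, and the source matching is a simplified version of the spec, enough for this policy only.

```python
"""Added example: build a CSP header for a staged rollout and audit what it
would block. Illustrative code only, not MediaWiki's or Wikimedia's CSP code.
SITE_ORIGIN, the /csp-report endpoint and SAMPLE_RESOURCES are assumptions."""
import secrets
from urllib.parse import urlsplit

SITE_ORIGIN = "https://example.org"  # assumed origin of the site being protected


def new_nonce():
    """Fresh per-response nonce; it must never be reused across responses."""
    return secrets.token_urlsafe(16)


def build_policy(nonce):
    """Policy as a dict of directive -> source list. Inline scripts run only
    when they carry this response's nonce, nothing loads from third-party
    origins, and plugins are disabled outright."""
    return {
        "default-src": ["'self'"],
        "script-src": ["'self'", f"'nonce-{nonce}'"],
        "style-src": ["'self'"],
        "img-src": ["'self'", "data:"],
        "font-src": ["'self'"],
        "object-src": ["'none'"],
        "report-uri": ["/csp-report"],  # assumed endpoint that collects violation reports
    }


def serialize(policy):
    """Render the dict as the header value the browser parses."""
    return "; ".join(f"{d} {' '.join(v)}" for d, v in policy.items())


def csp_headers(nonce, enforce=False):
    """Report-Only first: the browser reports violations but blocks nothing,
    so inline scripts and third-party resources can be found before the
    enforcing header is switched on."""
    name = "Content-Security-Policy" if enforce else "Content-Security-Policy-Report-Only"
    return {name: serialize(build_policy(nonce))}


def allowed(policy, directive, source, page_origin=SITE_ORIGIN):
    """Simplified CSP source matching (sufficient for this policy, not the full spec).
    `source` is a URL, "inline" for a nonce-less inline element, or
    "inline:<nonce>" for an inline element carrying a nonce attribute."""
    values = policy.get(directive, policy.get("default-src", []))
    if values == ["'none'"]:
        return False
    if source.startswith("inline"):
        if "'unsafe-inline'" in values:
            return True
        _, _, elem_nonce = source.partition(":")
        return bool(elem_nonce) and f"'nonce-{elem_nonce}'" in values
    parts = urlsplit(source)
    if parts.scheme in ("data", "blob"):
        return f"{parts.scheme}:" in values  # scheme sources such as data:
    origin = f"{parts.scheme}://{parts.netloc}"
    if "'self'" in values and origin == page_origin:
        return True
    for v in values:
        if v.startswith("'"):
            continue  # keyword sources were handled above
        if v == origin:
            return True
        if (v.startswith("https://*.") and parts.scheme == "https"
                and parts.netloc.endswith(v[len("https://*"):])):
            return True  # wildcard subdomain host source
    return False


def audit(policy, resources):
    """Return the (directive, source) pairs the policy would report or block."""
    return [(d, s) for d, s in resources if not allowed(policy, d, s)]


# Constructed sample of what one page loads; not captured from any real site.
SAMPLE_RESOURCES = [
    ("script-src", "https://example.org/load.php"),
    ("script-src", "inline"),                              # inline <script> without nonce
    ("style-src", "https://example.org/skin.css"),
    ("img-src", "https://tracker.example.net/pixel.gif"),  # third-party image
    ("font-src", "https://fonts.example.com/font.woff2"),  # third-party font
]

if __name__ == "__main__":
    nonce = new_nonce()
    print(csp_headers(nonce))
    for violation in audit(build_policy(nonce), SAMPLE_RESOURCES):
        print("would be reported/blocked:", violation)
```

The header must be attached to every HTML response with a nonce generated for that response, and the same nonce value written into each inline `<script nonce="...">` the page legitimately needs; anything the audit lists is what the Report-Only phase will surface as violation reports before the enforcing header goes live.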
- phpMyAdmin: http://www.phpmyadmin.net/documentation/changelog.php ("[core] Include Content Security Policy HTTP headers.")
- MantisBT: http://www.mantisbt.org/blog/?p=119 ("As Firefox 4 has been pushed back to early 2011 we have more time to finish off the implementation of X-Content-Security-Policy within MantisBT.")
- GitHub: http://githubengineering.com/githubs-csp-journey