Content-Security-Policy is the name of an HTTP response header that current browsers use to improve the security of a document (or web page). The Content-Security-Policy header allows you to control how the browser loads resources such as JavaScript, CSS, and pretty much anything else.
Although it is most commonly used as an HTTP response header, it may also be used as a meta tag.
Impact
There is no direct impact on your website if CSP is not implemented. However, if your website is exposed to a Cross-site Scripting attack, CSP can prevent the vulnerability from being successfully exploited. You will lose this extra layer of protection if you do not implement CSP.
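The following added example is not part of the original page. It audits a set of response headers for this finding, reporting a missing policy, the deprecated header names, and script sources that weaken the protection against Cross-site Scripting. The function names, finding texts and sample headers are constructed for illustration, and it checks headers only, not a meta tag.

```python
# Added example (not from the original page): audit response headers for CSP.
LEGACY_NAMES = {"x-webkit-csp", "x-content-security-policy"}  # deprecated names
HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")
BROAD_SOURCES = {"*", "http:", "https:", "data:"}

def parse_csp(value):
    """Return {directive: [sources]}; a repeated directive is ignored, as browsers do."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit_headers(headers):
    """Return a list of findings for a dict of HTTP response headers."""
    by_name = {name.lower(): value for name, value in headers.items()}
    findings = [f"deprecated header name in use: {name}"
                for name in sorted(by_name.keys() & LEGACY_NAMES)]
    if "content-security-policy" not in by_name:
        return findings + ["Content-Security-Policy header missing"]
    policy = parse_csp(by_name["content-security-policy"])
    # script-src falls back to default-src when it is absent
    scripts = policy.get("script-src", policy.get("default-src"))
    if scripts is None:
        return findings + ["no script-src or default-src: scripts are unrestricted"]
    sources = [s.lower() for s in scripts]
    trusted = any(s.startswith(HASH_OR_NONCE) for s in sources)
    # browsers ignore 'unsafe-inline' once a nonce or hash is present
    if "'unsafe-inline'" in sources and not trusted:
        findings.append("'unsafe-inline' lets injected inline scripts run")
    if "'unsafe-eval'" in sources:
        findings.append("'unsafe-eval' allows string-to-code evaluation")
    # with 'strict-dynamic' plus nonce/hash, host and scheme sources are ignored
    if not (trusted and "'strict-dynamic'" in sources):
        findings += [f"overly broad script source: {s}"
                     for s in sources if s in BROAD_SOURCES]
    return findings

# Constructed sample responses, not captured from a real site
SAMPLES = {
    "no policy": {"Content-Type": "text/html", "X-Webkit-CSP": "default-src 'self'"},
    "weak": {"Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline' https:"},
    "strict": {"content-security-policy": "script-src 'nonce-r4nd0m' 'strict-dynamic' https: 'unsafe-inline'; object-src 'none'"},
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, "->", audit_headers(hdrs) or "no findings")
```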
Browser Support for CSP
Chrome
CSP Level 3 – Chrome 59+ Partial Support (header: Content-Security-Policy)
CSP Level 2 – Chrome 40+ Full Support Since January 2015 (header: Content-Security-Policy)
CSP 1.0 – Chrome 25+ (header: Content-Security-Policy)
Deprecated – Chrome 14-24 (header: X-Webkit-CSP)
Firefox
CSP Level 3 – Firefox 58+ Partial Support (header: Content-Security-Policy)
CSP Level 2 – Firefox 31+ Partial Support since July 2014 (header: Content-Security-Policy)
CSP 1.0 – Firefox 23+ Full Support (header: Content-Security-Policy)
Deprecated – Firefox 4-22 (header: X-Content-Security-Policy)
Safari
CSP Level 3 – Safari 15.4+ Partial Support (header: Content-Security-Policy)
CSP Level 2 – Safari 10+ (header: Content-Security-Policy)
CSP 1.0 – Safari 7+ (header: Content-Security-Policy)
Deprecated – Safari 6 (header: X-Webkit-CSP)
Edge
CSP Level 3 – Edge 79+ Partial Support (header: Content-Security-Policy)
CSP Level 2 – Edge 15+ Partial, 76+ Full (header: Content-Security-Policy)
CSP 1.0 – Edge 12+ (header: Content-Security-Policy)
Internet Explorer
Deprecated – IE 10-11 support sandbox only (header: X-Content-Security-Policy)