Content-Security-Policy
Content-Security-Policy (CSP) is a security feature that helps prevent various types of attacks on websites, such as Cross-Site Scripting (XSS) and data injection. It allows web developers to specify which sources of content are trusted, thereby controlling what can be loaded and executed in a web page. The policy is a set of rules delivered in the Content-Security-Policy HTTP response header or in a <meta> tag.
By implementing a CSP, website owners can enhance their site's security by reducing the risk of malicious content being executed. For example, they can restrict scripts to load only from their own domain or from trusted third-party sources, making it harder for attackers to inject harmful code.
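The script restriction described above, as an added example that is not part of the original page: it builds a header value that limits scripts to the site's own origin plus one trusted third-party host, then checks script URLs against it. The hostnames and function names are constructed for illustration, and the matching is a simplified model of what a browser does (only 'self' and scheme://host sources with an optional leading "*." are handled; ports, paths, nonces, hashes and inline scripts are not).

```javascript
// Added example. Hostnames are constructed; matching is deliberately simplified.
const policy = {
  "default-src": ["'self'"],
  "script-src": ["'self'", "https://cdn.example.com"],
};

// Serialize directives into the value of the Content-Security-Policy header.
function toHeader(p) {
  return Object.entries(p)
    .map(([name, sources]) => `${name} ${sources.join(" ")}`)
    .join("; ");
}

// Parse a header value into { directive: [sources] }; the first duplicate wins.
function parseHeader(value) {
  const out = Object.create(null);
  for (const part of value.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !(key in out)) out[key] = sources;
  }
  return out;
}

// Match scheme://host or scheme://*.host on the default port (other forms unmodelled).
function hostSourceMatches(src, script) {
  const m = /^([a-z][a-z0-9+.-]*):\/\/(\*\.)?([a-z0-9.-]+)$/i.exec(src);
  if (!m) return false; // keywords such as 'none' and unmodelled forms never match
  const [, scheme, wildcard, host] = m;
  if (script.protocol !== `${scheme.toLowerCase()}:` || script.port !== "") return false;
  const want = host.toLowerCase();
  // A wildcard covers subdomains only; an exact host must match in full.
  return wildcard ? script.hostname.endsWith(`.${want}`) : script.hostname === want;
}

// Would an external script at scriptUrl be allowed on the page at pageUrl?
function scriptAllowed(headerValue, pageUrl, scriptUrl) {
  const directives = parseHeader(headerValue);
  // script-src governs scripts; default-src is the fallback when it is absent.
  const sources = directives["script-src"] ?? directives["default-src"];
  if (sources === undefined) return true; // no governing directive, no restriction
  const page = new URL(pageUrl);
  const script = new URL(scriptUrl, pageUrl); // resolves relative script paths
  return sources.some((src) =>
    src === "'self'" ? script.origin === page.origin : hostSourceMatches(src, script));
}
```

Because the host is compared in full rather than by prefix, a lookalike such as cdn.example.com.attacker.test does not match the trusted CDN entry.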