Application security is about adding extra layers of protection. One easy win is to add a Content Security Policy (CSP) to your web application’s headers. Enforcing a CSP can protect your app from cross-site scripting (XSS), clickjacking and other code injection attacks. Managing a content security policy at scale can be hard. This cheat sheet will teach you the best practices for integrating a content security policy into your app.