This document discusses content security policies (CSP) and how they have evolved to improve browser security. It provides an overview of CSP directives that define valid sources of content for different types of resources, such as scripts, styles, and images. It also describes how to implement a basic CSP that limits resources to the current domain and test domains, as well as how to fine tune the policy for specific external scripts and styles. Finally, it briefly mentions other related security headers that can be used to further harden a site.