Content Security Policy (CSP) is a security standard that helps prevent cross-site scripting and other code injection attacks. It works by requiring web sites to declare approved sources of content that browsers should be allowed to load on that site, such as JavaScript, CSS, fonts, and media files. The CSP defines directives for controlling different content types and reporting policy violations.