This may help.
We also have more information about CSP here: Mitigate XSS Attacks with Content Security Policy