Content Security Policy is an added layer of security that helps detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks.
header("Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';");
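This example CSP header restricts resources to the same origin by default, with exceptions that allow inline scripts and eval-style code evaluation ('unsafe-inline' and 'unsafe-eval' in script-src) and inline styles ('unsafe-inline' in style-src). Adjust the policy based on your specific needs and security requirements.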
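Because 'unsafe-inline' in script-src also permits any inline script an attacker manages to inject, a stricter variant replaces it with a per-response nonce. The following is an added example, not code from the original page; the helper name build_csp() and the $reportOnly switch are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/** Build a CSP string from a directive => source-list map (illustrative helper). */
function build_csp(array $directives): string
{
    $parts = [];
    foreach ($directives as $name => $sources) {
        $parts[] = $name . ' ' . implode(' ', $sources);
    }
    return implode('; ', $parts);
}

// Fresh, unpredictable nonce for every response (128 bits, base64-encoded).
$nonce = base64_encode(random_bytes(16));

// Policy from the text above, for comparison:
//   script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'
// Stricter form: inline scripts run only when they carry this response's nonce,
// and eval-style evaluation and inline styles are no longer allowed.
$policy = build_csp([
    'default-src' => ["'self'"],
    'script-src'  => ["'self'", "'nonce-{$nonce}'"],
    'style-src'   => ["'self'"],
]);

// Assumption: set to true while testing so violations are reported in the
// browser console without being blocked, then switch to enforcement.
$reportOnly = false;
$headerName = $reportOnly
    ? 'Content-Security-Policy-Report-Only'
    : 'Content-Security-Policy';

// Headers must be sent before any output.
header($headerName . ': ' . $policy);
?>
<!DOCTYPE html>
<html>
<head><title>CSP nonce demo</title></head>
<body>
<script nonce="<?= htmlspecialchars($nonce, ENT_QUOTES, 'UTF-8') ?>">
  // Runs: the nonce attribute matches the value in the header.
  document.title = 'nonce ok';
</script>
<script>
  // Blocked by the browser when the policy is enforced: no nonce attribute.
  document.title = 'should not run';
</script>
</body>
</html>
```

The nonce must be regenerated for every response and never cached with the page, otherwise it stops being unpredictable.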