Content Security Policy
A content security policy (CSP) is a header sent by the web server that is intended to increase the security of the website. It is primarily concerned with so-called "active" content, such as JavaScript, which is executed in the website visitor's browser. A CSP is meant to prevent cross-site scripting (XSS) attacks, clickjacking and the injection of other malicious code.
The CSP header tells the visitor's browser which active content it may or may not execute. For example, it can allow only JavaScript loaded from script files on your own website. Even if an attacker succeeded in placing their own JavaScript code on the page, the browser would not execute it because of the CSP.
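A simplified model of the browser-side decision described above, added here as an example and not taken from the original page. The origin https://shop.example, the other hostnames and the function names are constructed, and only 'self', 'unsafe-inline' and full-origin sources are modelled.

```javascript
// Simplified model of how a browser applies CSP to scripts (not a full CSP implementation).
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // A repeated directive is ignored: the first occurrence wins.
    if (name && !policy.has(name.toLowerCase())) {
      policy.set(name.toLowerCase(), sources);
    }
  }
  return policy;
}

// script is { src: "<url>" } for a script file or { inline: true } for inline code.
function scriptAllowed(header, pageOrigin, script) {
  const origin = new URL(pageOrigin).origin;
  const policy = parseCsp(header);
  // script-src falls back to default-src; with neither, scripts are unrestricted.
  const sources = policy.get("script-src") ?? policy.get("default-src");
  if (sources === undefined) return true;
  if (script.inline) return sources.includes("'unsafe-inline'");
  const target = new URL(script.src, origin).origin;
  return sources.some((source) => {
    if (source === "'self'") return target === origin;
    // 'none', nonces, hashes, wildcards and scheme sources never match in this model.
    if (source.startsWith("'") || source.includes("*") || !source.includes("://")) return false;
    try { return new URL(source).origin === target; } catch { return false; }
  });
}

// Constructed sample data: a strict and a weak policy, and three scripts on https://shop.example.
const PAGE = "https://shop.example";
const STRICT = "default-src 'self'; script-src 'self'";
const WEAK = "script-src 'self' 'unsafe-inline'";
const samples = [
  ["own script file", { src: "/js/app.js" }],
  ["third-party script file", { src: "https://attacker.example/x.js" }],
  ["injected inline script", { inline: true }],
];
for (const [label, script] of samples) {
  console.log(label, "| strict:", scriptAllowed(STRICT, PAGE, script),
    "| weak:", scriptAllowed(WEAK, PAGE, script));
}
```

Under the strict policy only the site's own script file runs; adding 'unsafe-inline' is what lets the injected inline script through.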
Security is important to you, and not just to protect your own confidential information or your site visitors. If malware is found on your site, it will also harm your search engine rankings. Pages on which malware is discovered end up on blacklists and are no longer indexed. It takes a lot of effort to get a page off these blacklists.
Test your site at https://observatory.mozilla.org
