An easily available and stout defense against cross-site scripting – content security policy – is sparsely deployed because it is not compatible with most websites. Content Security Policy (CSP) is an ...