Content-Security-Policy (CSP) is a major control for protecting against Cross-Site Scripting attacks. This video covers both the offensive and defensive perspectives of Content-Security-Policy implementations for your application.

Code for the example app: https://github.com/we45/csp-flask

Code for the presentation: https://github.com/we45/AppSecEngineerCSPIntro