Describe how Content Security Policy (CSP) enhances web application security.

Content Security Policy (CSP) is a security header that helps prevent XSS attacks by controlling which resources (scripts, styles, images) can be loaded and executed. It defines trusted sources for content, blocks inline scripts by default, and provides detailed reporting of policy violations. CSP acts as an additional security layer that significantly reduces the impact of code injection attacks.