How to add a content security policy
Content Security Policy (CSP) is a browser feature that that helps to detect and prevent certain types of attacks, mostly Cross-Site Scripting (XSS). While Framer sites are secure by default, using a CSP can function as additional layer of security.
You can add a Content Security Policy in Framer by setting a meta tag via custom code. The policy will be applied to everything after the tag so make sure you set it at the start of the head tag and always insert additional scripts after.
Example Content Security Policy. Note that the policy in the screenshot will intentionally make the site break; please use a tool like Report URI to create your own.
Content Security Policy meta tag vs Content Security Policy header
The meta tag has the same effect as setting the policy via HTTP headers, with the only drawback of somewhat worse site performance. If you want to set the policy via headers, you need to configure a reverse proxy.