Content Security Policy (CSP) requires careful coordination and precise definition of the security concept. When this option is enabled, CSP has a significant impact on the way the browser renders (composes) the pages. For example, inline JavaScript is disabled by default and must be explicitly allowed in the policy. The CSP can help mitigate code injection attacks.