Content Security Policy (CSP) is a new security feature being rolled out to protect user accounts from cross-site scripting (XSS) attacks: it blocks inline scripts and restricts the domains from which scripts may be loaded. Adding a CSP header to a Rails app is straightforward, but living with it is harder: inline scripts, inline event handlers and inline CSS all have to be reworked, and browser extensions and bookmarklets that inject their own code may break. Inline scripts and styles are blocked unless the policy explicitly sets the corresponding unsafe directives, which forces a move to more declarative coding practices. While CSP provides a last line of defense against XSS, rolling it out brings false positives and reporting challenges, largely because of browser and extension incompatibilities. The commitment to CSP is nonetheless seen as a step towards better security, in the hope that broader adoption will address these current limitations.
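As an added example (not code from the original page or from any particular Rails app), the following plain Ruby mirrors what a Rails `config/initializers/content_security_policy.rb` emits: the weak policy that keeps `'unsafe-inline'` beside the hardened nonce-based one, plus a review check that flags a header still permitting inline scripts. The report path is a placeholder and the policy contents are constructed for illustration.

```ruby
require "securerandom"

# Weak policy: inline scripts and styles stay allowed, which is exactly what an
# injected <script> tag or onclick= handler needs. Constructed example only.
WEAK_POLICY = {
  "default-src" => ["'self'"],
  "script-src"  => ["'self'", "'unsafe-inline'"],
  "style-src"   => ["'self'", "'unsafe-inline'"]
}.freeze

# Hardened policy: inline code must carry a per-request nonce, plugins are
# disabled, everything else comes from 'self'. report_uri is a placeholder path.
def hardened_policy(nonce, report_uri: "/csp-violation-report-endpoint")
  {
    "default-src" => ["'self'"],
    "script-src"  => ["'self'", "'nonce-#{nonce}'"],
    "style-src"   => ["'self'", "'nonce-#{nonce}'"],
    "object-src"  => ["'none'"],
    "report-uri"  => [report_uri]
  }
end

# Per-request nonce, the same shape Rails' nonce generator would hand to views.
def generate_nonce
  SecureRandom.base64(16)
end

# Serialise a directive hash into a Content-Security-Policy header value.
def serialize_policy(policy)
  policy.map { |directive, sources| "#{directive} #{sources.join(' ')}" }.join("; ")
end

# Parse a header value back into a directive hash (inverse of serialize_policy).
def parse_policy(header)
  header.split(";").map(&:strip).reject(&:empty?).each_with_object({}) do |part, acc|
    name, *sources = part.split(/\s+/)
    acc[name] = sources
  end
end

# Review/CI check: does this header still let inline scripts run? script-src
# falls back to default-src when absent. 'unsafe-inline' is ignored by browsers
# that see a nonce or hash in the same directive, so that case is not flagged.
def allows_inline_scripts?(header)
  policy = parse_policy(header)
  sources = policy["script-src"] || policy["default-src"] || []
  nonce_or_hash = sources.any? { |s| s =~ /\A'(nonce|sha(256|384|512))-/ }
  sources.include?("'unsafe-inline'") && !nonce_or_hash
end
```

Running `allows_inline_scripts?` over the serialised policy of every environment is a cheap way to catch a deploy that quietly re-enabled inline scripts.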