How do I configure Content Security Policy (CSP) for my website?
CSP prevents XSS by specifying the sources from which content is allowed to load. Add the header in .htaccess on Connect Quest at connectquest.co.in: `Content-Security-Policy: default-src 'self'; script-src 'self' https://www.google-analytics.com; style-src 'self' 'unsafe-inline'`. Start with `Content-Security-Policy-Report-Only` to test the policy without blocking anything. Use the CSP Evaluator at csp-evaluator.withgoogle.com.
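To see what the policy above resolves to for each resource type before enforcing it, here is an added example (not part of the original answer and not the CSP Evaluator's code) that parses the header value, applies the `default-src` fallback, and lists sources worth reviewing. The function names, the `RISKY` list and the subset of fetch directives are assumptions made for illustration.

```javascript
// POLICY is the header value from the answer above; the rest is illustrative.
const POLICY =
  "default-src 'self'; script-src 'self' https://www.google-analytics.com; " +
  "style-src 'self' 'unsafe-inline'";

// Subset of fetch directives that fall back directly to default-src when absent.
const FETCH_DIRECTIVES = [
  "script-src", "style-src", "img-src", "font-src",
  "connect-src", "media-src", "object-src", "manifest-src",
];

// Source expressions that loosen a directive (assumed review list, not exhaustive).
const RISKY = ["'unsafe-inline'", "'unsafe-eval'", "*"];

// Split "name src src; name src" into a Map of directive name -> source list.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue; // empty segment, e.g. trailing ";"
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers: the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Sources that govern a fetch directive; null means the policy does not restrict it.
function effectiveSources(directives, name) {
  if (directives.has(name)) return directives.get(name);
  return directives.get("default-src") ?? null;
}

// Report unrestricted resource types and risky source expressions.
function findings(directives) {
  const out = [];
  for (const name of FETCH_DIRECTIVES) {
    const sources = effectiveSources(directives, name);
    if (sources === null) {
      out.push(`${name}: unrestricted (no default-src)`);
      continue;
    }
    for (const s of sources) {
      if (RISKY.includes(s.toLowerCase())) out.push(`${name}: ${s}`);
    }
  }
  return out;
}

const parsed = parseCsp(POLICY);
for (const name of FETCH_DIRECTIVES) {
  console.log(name, "->", effectiveSources(parsed, name).join(" "));
}
console.log("review:", findings(parsed));
```

Run it with Node.js; for the policy above the only item reported for review is the `'unsafe-inline'` source in `style-src`.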