CSP headers (Content Security Policy) are HTML headers and are used to control the content of an HTML structure.
CSP headers can be used to configure whether inline styles or inline scripts are executed or whether they are ignored for security reasons. It is also possible to configure from which sources external content, e.g. CSS files, may be reloaded.
The setting can be found under Settings/Account.
The official specification with some examples can be found here:
If you have configured a CSP header, please immediately check the key mechanisms and objects in your account to ensure that no important functions have been restricted.