CSP, which stands for Content Security Policy, is a security addition that sites may use to detect and mitigate certain attack types such as Cross Site Scripting or data injections.
Browser extensions may use CSP injection to modify headers. The popular content blocker uBlock Origin may use it to block remote fonts from loading on pages visited in the browser, and Canvas Blocker uses it to block data URL pages.
The referenced article includes a link that ghacks maintains of extensions known to use CSP. In addition to uBlock Origin, the list includes popular extensions including HTTPS Everywhere and others.
If you use uBlock Origin on Firefox and are experiencing issues, try the following solution for uBlock Origin:
- Tools > Add-ons > Extensions > uBlock Origin
- Dashboard > Settings > UNcheck "Block remote fonts" under Default Behavior.