Content Security Policy done right!

Something smarter than just setting a header...