The Web Application Security Working Group has published a Working Draft of Content Security Policy Level 3. This document defines a mechanism by which web developers can control the resources which a particular page can fetch or execute, as well as a number of security-relevant policy decisions.