HTML Security Policy Overview This page describes a mechanism for embedding a security policy in an HTML document. Using an security policy can help protect your web site from cross-site scripting attacks. Example <meta name="allowed-scripts" content="*.example.com https://chart.googleapis.com static.cdn.net"> Sites will probably want to put this element early in their HTML documents. For example,