Too Long; Didn't Read
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. CSP is designed to be fully backward compatible (except CSP version 2 where there are some inconsistencies in backward compatibility; more details here section 1.1). Browsers that don't support CSP still work with servers that implement it, and vice-versa: browsers simply ignore it. If the site doesn't offer the CSP header, browsers likewise use the standard same-origin policy.