A Content Security Policy (CSP) is a set of rules that define what content on a webpage can or cannot be loaded by a visitor’s browser.
If your app doesn't have a CSP
If you’re interested in learning more about the benefits of adding a CSPs to your site and how you can set one up, this article from Codeship is a great place to start.
script-src 'self' https://js.driftt.com; frame-src 'self' https://js.driftt.com;
This enables the Drift widget's iframe to be loaded on your site from https://js.drift.com. The majority of the widget's assets are loaded from within this iframe so they are already sandboxed from the rest of your sites content.