Content Security Policy allows Gmail to offer better protection compared to extensions that can load untrusted code.
For its Gmail email service, Google implements Content Security Policy, which is a W3c Specification .Here, this feature offers vis-à-vis protection of Gmail extensions for the browser that could load untrusted code and interfere with an ongoing session.
It is the portrait of a robot type attack Cross-Site Scripting – XSS – under which the messaging security can be compromised. The extension is not necessarily malicious, but coding errors can make it dangerous. With this Gmail Inbox Becomes More Safe for you.
The principle of CSP is to provide an HTTP header to identify reliable sources of content and scripts that the browser is allowed to load on a page.In short, a kind of white list.
The support of CSP regarding the web version of Gmail. There is no mention of mobile devices, but we can assume that this is because the extensions are common to the browser on the desktop.
In a completely different level than that of safety, it is now possible to directly send Google Drive files as attachments in Gmail rather than mere Drive to share links.