We've started rolling out a new security feature called "Content Security Policy" or CSP. As a user, it will better protect your account against XSS attacks. But, be aware, it may cause issues with some browser extensions and bookmarklets.
Content Security Policy is a new HTTP header that provides a solid safety net against XSS attacks. It does this by blocking inline scripts and limiting the domains that other scripts can be loaded from. This doesn't mean you can forget about escaping user data on the server side, but if you screw up, CSP will give you a last layer of defense.
read more...........https://github.com/blog/1477-content-security-policy