The Lightning Component framework uses Content Security Policy (CSP), which is a W3C standard, to control the source of content that can be loaded on a page. To use third-party APIs that make requests to an external (non-Salesforce) server, add the server as a CSP Trusted Site.
1.From Setup, enter CSP in the Quick Find box, then select CSP Trusted Sites.
This page displays a list of any CSP Trusted Sites already registered, and provides additional information about each site, including site name and URL.
2.Select New Trusted Site.
3.Name the Trusted Site.
For example, enter Google Maps.
4.Enter the URL for the Trusted Site.
The URL must begin with http:// or https://. It must include a domain name, and can include a port.
5.Enter a description for the Trusted Site.
6.To temporarily disable a Trusted Site without actually deleting it, deselect the Active checkbox.
7.Select the Context for this trusted site to control the scope of the approval.
All – (Default)CSP header is approved for both your organization’s Lightning Experience and Lightning Communities
LEX – CSP header is approved only for your organization’s Lightning Experience
Communities – CSP header is approved only for your organization’s Lightning Communities
NOTE : To enable corresponding access for Visualforce or Apex, create a Remote Site.
This information is very useful to create CSP Trusted sites to Access Third-Party APIs.