Re: CSP policy to constrain cookies to origin

Add a description of Re: CSP policy to constrain cookies to origin