Content Security Policy (CSP) is the de facto way to limit a site's exploitable surface area. The current problem that needs some thought is how to share your policy so that others can consume it.
The easiest way to make this possible is to provide a JSON representation of CSP so that libraries can publish their policies. Tools can then be made available to merge policies together easily, ultimately allowing a smoother transition to a secure internet.
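A sketch of such a merge tool, added here as an illustration and not taken from any existing library. It assumes each published policy is a JSON object mapping a directive name to an array of source expressions; `mergePolicies`, `toHeader` and the host `cdn.widget.example` are hypothetical names. It handles the case a plain key-by-key union gets wrong: a directive missing from one policy falls back to that policy's `default-src`.

```javascript
// Directives that fall back directly to default-src when absent.
// Chained fallbacks (frame-src -> child-src, script-src-elem -> script-src)
// are not modelled in this sketch.
const DEFAULT_FALLBACK = new Set([
  "script-src", "style-src", "img-src", "connect-src", "font-src",
  "media-src", "object-src", "manifest-src", "child-src",
]);

// Sources a policy effectively allows for one directive.
function effective(policy, directive) {
  if (Object.hasOwn(policy, directive)) return policy[directive];
  if (DEFAULT_FALLBACK.has(directive) && Object.hasOwn(policy, "default-src")) {
    return policy["default-src"];
  }
  return []; // this policy asks for nothing under this directive
}

// Union of what every input policy allows, per directive.
function mergePolicies(...policies) {
  const directives = new Set(policies.flatMap((p) => Object.keys(p)));
  const merged = {};
  for (const d of directives) {
    const sources = new Set(policies.flatMap((p) => effective(p, d)));
    // 'none' is only valid on its own; drop it once anything else is allowed.
    if (sources.size > 1) sources.delete("'none'");
    merged[d] = [...sources];
  }
  return merged;
}

// Serialize the JSON form into a Content-Security-Policy header value.
function toHeader(policy) {
  return Object.entries(policy)
    .map(([directive, sources]) => [directive, ...sources].join(" "))
    .join("; ");
}

// Constructed sample input: a site policy and a library's published policy.
const site = { "default-src": ["'self'", "domain.com"] };
const widget = { "script-src": ["cdn.widget.example"], "object-src": ["'none'"] };
console.log(toHeader(mergePolicies(site, widget)));
```

The merged `object-src` keeps the site's sources because the site allowed them through `default-src`; a merge tool that prefers the stricter value would need an explicit rule for that.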
The JSON representation may, for example, look like:
{
"default-src": ["'self'", "domain.com"],