
What is Content Security Policy (CSP)?

An HTTP security header that controls which resources a browser is allowed to load for a web page, preventing XSS and data injection.

CSP tells browsers which sources are trusted for scripts, styles, images, fonts, and other resources. For example, script-src 'self' cdn.example.com only allows scripts from the same origin and cdn.example.com.

CSP can block inline scripts (preventing most XSS), restrict form actions, prevent mixed content, and report violations. Implementation requires careful testing to avoid breaking legitimate functionality. Report-only mode helps during rollout.
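As an added illustration (not code from the original page), the following Python sketch shows how a browser decides what to do with a script load under the policy above: it parses the header, applies 'self', host and scheme source expressions, blocks inline scripts unless 'unsafe-inline' is listed, and distinguishes an enforced header from a Report-Only one. The sample headers and URLs are constructed, and the matcher is simplified (ports, paths, nonces and hashes are not handled).

```python
from urllib.parse import urlparse

# Constructed sample headers: an enforced policy and a report-only one for rollout.
ENFORCED = {"Content-Security-Policy": "default-src 'none'; script-src 'self' cdn.example.com"}
REPORT_ONLY = {"Content-Security-Policy-Report-Only": "script-src 'self'"}

def parse_csp(header):
    """Split a CSP header into {directive: [source expressions]}."""
    policy = {}
    for chunk in header.split(";"):
        parts = chunk.split()
        if parts:
            policy[parts[0].lower()] = parts[1:]
    return policy

def source_matches(expr, page, script):
    """Does one source expression permit the script URL? (ports/paths ignored)"""
    if expr == "'none'":
        return False
    if expr == "'self'":  # same scheme and host as the page
        return (script.scheme, script.hostname) == (page.scheme, page.hostname)
    if expr.endswith(":") and "/" not in expr:  # scheme-source such as https:
        return script.scheme == expr[:-1]
    # host-source, optionally with a scheme and a leading *. wildcard label
    scheme, host = (expr.split("://", 1) if "://" in expr else (None, expr))
    host = host.split("/", 1)[0].split(":", 1)[0]
    if scheme and script.scheme != scheme:
        return False
    if host.startswith("*."):
        return script.hostname.endswith(host[1:])  # needs at least one subdomain label
    return script.hostname == host

def script_decision(headers, page_url, script_url=None):
    """Return 'allow', 'block' or 'report' for a script on page_url.
    script_url=None means an inline <script>, blocked unless 'unsafe-inline' is listed."""
    if "Content-Security-Policy" in headers:
        policy, verdict = parse_csp(headers["Content-Security-Policy"]), "block"
    elif "Content-Security-Policy-Report-Only" in headers:
        policy, verdict = parse_csp(headers["Content-Security-Policy-Report-Only"]), "report"
    else:
        return "allow"  # no policy delivered: nothing is restricted
    sources = policy.get("script-src", policy.get("default-src"))  # script-src falls back to default-src
    if sources is None:
        return "allow"
    if script_url is None:
        return "allow" if "'unsafe-inline'" in sources else verdict
    page, script = urlparse(page_url), urlparse(script_url)
    return "allow" if any(source_matches(s, page, script) for s in sources) else verdict
```

Under the enforced policy a script from cdn.example.com or the page's own origin loads, anything else (including inline scripts) is blocked, while the Report-Only header only reports the same violations.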

Related Terms

Secret Management
The practice of securely storing, accessing, and rotating sensitive credentials like API keys, passwords, and certificates.
Data Loss Prevention (DLP)
A strategy and set of tools that detect and prevent unauthorized transmission of sensitive data outside an organization.
Encryption
The process of converting readable data into an unreadable format using algorithms, reversible only with the correct key.
SOC (Security Operations Center)
A centralized team and facility responsible for monitoring, detecting, analyzing, and responding to cybersecurity threats 24/7.
Principle of Least Privilege
A security principle where users and programs receive only the minimum access rights needed to perform their specific tasks.
CSRF (Cross-Site Request Forgery)
An attack that tricks authenticated users into submitting unwanted requests to a web application they are logged into.