Security Intermediate

What is Content Security Policy (CSP)?

An HTTP security header that controls which resources a browser is allowed to load for a web page, preventing XSS and data injection.

CSP tells browsers which sources are trusted for scripts, styles, images, fonts, and other resources. For example, script-src 'self' cdn.example.com only allows scripts from the same origin and cdn.example.com.

CSP can block inline scripts (preventing most XSS), restrict form actions, prevent mixed content, and report violations. Implementation requires careful testing to avoid breaking legitimate functionality. Report-only mode helps during rollout.
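As an added example (not part of this glossary entry), the following Python models the matching described above: a small parser for a policy string, a simplified check of whether a script would be allowed to run under a policy such as script-src 'self' cdn.example.com (falling back to default-src when script-src is absent, and treating an inline script as blocked unless 'unsafe-inline' is present), and a helper that picks the report-only or enforcing header name for rollout. The policy and URLs are constructed; nonces and hashes are not modelled.

```python
from typing import Optional
from urllib.parse import urlparse

def parse_csp(policy: str) -> dict:
    """Split 'directive src ...; directive src ...' into {directive: [sources]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives

def _host_matches(pattern: str, host: str) -> bool:
    """'*.example.com' covers subdomains but not the apex; otherwise exact match."""
    return host.endswith(pattern[1:]) if pattern.startswith("*.") else host == pattern

def script_allowed(policy: str, page_origin: str, resource_url: Optional[str] = None) -> bool:
    """True if the browser would run the script. resource_url=None models an inline
    <script>; nonces and hashes are not modelled, so inline code passes only with
    'unsafe-inline' (a simplification of the real CSP matching rules)."""
    directives = parse_csp(policy)
    # script-src governs scripts; default-src is the fallback when it is absent.
    sources = directives.get("script-src", directives.get("default-src"))
    if sources is None:
        return True  # no governing directive: the browser does not restrict it
    if resource_url is None:
        return "'unsafe-inline'" in sources
    if "'none'" in sources:
        return False
    page, res = urlparse(page_origin), urlparse(resource_url)
    for src in sources:
        if src == "'self'":  # same scheme, host and port as the page
            if (res.scheme, res.hostname, res.port) == (page.scheme, page.hostname, page.port):
                return True
        elif src == "*" or (src.endswith(":") and res.scheme == src[:-1]):
            return True  # wildcard, or a scheme-source such as https:
        elif not src.startswith("'"):  # host-source, optionally with a scheme
            spec = urlparse(src if "://" in src else "//" + src)
            if (not spec.scheme or spec.scheme == res.scheme) and _host_matches(spec.hostname, res.hostname):
                return True
    return False

def csp_header(policy: str, report_only: bool) -> tuple:
    """Header to send: report-only during rollout (violations are reported, not
    blocked), then the enforcing header once the reports are clean."""
    name = "Content-Security-Policy-Report-Only" if report_only else "Content-Security-Policy"
    return name, policy
```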

Related Terms

Two-Factor Authentication (2FA)
A security method requiring two different forms of identification before granting access to an account.
SQL Injection
An attack where malicious SQL code is inserted into application queries through user input to access or manipulate the database.
Security Audit
A systematic examination of an information system to assess compliance with security policies, identify vulnerabilities, and verify controls.
DAST (Dynamic Application Security Testing)
Testing a running application from the outside by sending malicious requests to discover security vulnerabilities.
Secret Management
The practice of securely storing, accessing, and rotating sensitive credentials like API keys, passwords, and certificates.
API Security
Practices and mechanisms for protecting APIs from unauthorized access, data breaches, and abuse.