๐ŸŽ New User? Get 20% off your first purchase with code NEWUSER20 ยท โšก Instant download ยท ๐Ÿ”’ Secure checkout Register Now โ†’
Menu

Categories

Security Intermediate

What is Content Security Policy (CSP)?

An HTTP response header that tells the browser which resources it is allowed to load for a web page, mitigating cross-site scripting (XSS) and data injection attacks.

CSP tells the browser which sources are trusted for scripts, styles, images, fonts, and other resource types. For example, the directive script-src 'self' cdn.example.com allows scripts to load only from the page's own origin and from cdn.example.com; a script injected from any other source is refused.

CSP can block inline scripts (which stops most XSS payloads from executing even when they reach the page), restrict where forms may submit, block mixed content, and report violations to a collection endpoint. Rolling it out requires careful testing so that legitimate resources are not blocked. Report-only mode, which logs violations without enforcing the policy, helps during rollout.
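The following is an added example, not code from the glossary: it parses a CSP header, flags the settings that let injected scripts run (the weak policy next to a corrected one), and shows the report-only header used for rollout. The two sample policies are constructed for illustration and cdn.example.com is a placeholder host.

```python
# Added example, not from the glossary: parse a Content-Security-Policy
# header, flag settings that let injected scripts run, and produce the
# Report-Only header used during rollout.  The two sample policies are
# constructed for illustration; cdn.example.com is a placeholder host.

WEAK_POLICY = "default-src *; script-src 'self' 'unsafe-inline' https:; img-src *"
FIXED_POLICY = ("default-src 'self'; script-src 'self' cdn.example.com; "
                "object-src 'none'; base-uri 'self'; form-action 'self'; "
                "report-uri /csp-report")

def parse_csp(header):
    """Split a policy into {directive: [sources]}; browsers ignore a repeated
    directive, so the first occurrence wins here as well."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit_csp(header):
    """Return findings describing how the policy fails to stop script injection."""
    policy = parse_csp(header)
    findings = []
    # script-src falls back to default-src; with neither, any script may load.
    script = policy.get("script-src", policy.get("default-src"))
    if script is None:
        findings.append("no script-src/default-src: scripts load from anywhere")
    else:
        nonce_or_hash = any(s.startswith(("'nonce-", "'sha")) for s in script)
        # 'unsafe-inline' is ignored once a nonce or hash is present (CSP level 2+).
        if "'unsafe-inline'" in script and not nonce_or_hash:
            findings.append("script-src 'unsafe-inline': inline payloads execute")
        if "'unsafe-eval'" in script:
            findings.append("script-src 'unsafe-eval': eval()/Function() allowed")
        for src in script:
            if src == "*" or src in ("http:", "https:", "data:"):
                findings.append(f"script-src {src}: scripts load from any matching host")
    if "object-src" not in policy and policy.get("default-src") != ["'none'"]:
        findings.append("object-src unset: plugin content falls back to default-src")
    return findings

def csp_header(policy, enforce):
    """Header name/value pair; report-only mode logs violations without blocking."""
    name = "Content-Security-Policy" if enforce else "Content-Security-Policy-Report-Only"
    return name, policy

if __name__ == "__main__":
    for label, pol in (("weak", WEAK_POLICY), ("fixed", FIXED_POLICY)):
        print(label, audit_csp(pol) or ["no findings"])
```

Deploy the corrected policy with enforce=False first, review the violation reports, then switch to enforce=True once legitimate resources no longer trip it.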

Related Terms

SAST (Static Application Security Testing)
Automated analysis of source code to find security vulnerabilities without executing the application.
OWASP Top 10
A regularly updated list of the ten most critical web application security risks, published by the Open Web Application Security Project.
SOC (Security Operations Center)
A centralized team and facility responsible for monitoring, detecting, analyzing, and responding to cybersecurity threats 24/7.
SIEM (Security Information and Event Management)
A platform that collects, correlates, and analyzes security events from across an organization to detect threats and incidents.
Brute Force Attack
An attack method that systematically tries all possible combinations of passwords or keys until the correct one is found.
XSS (Cross-Site Scripting)
An attack that injects malicious scripts into web pages viewed by other users, potentially stealing data or session tokens.