๐ŸŽ New User? Get 20% off your first purchase with code NEWUSER20 ยท โšก Instant download ยท ๐Ÿ”’ Secure checkout Register Now โ†’
Menu

Categories

Security Intermediate

What is Content Security Policy (CSP)?

An HTTP security header that controls which resources a browser is allowed to load for a web page, preventing XSS and data injection.

CSP tells browsers which sources are trusted for scripts, styles, images, fonts, and other resources. For example, script-src 'self' cdn.example.com only allows scripts from the same origin and cdn.example.com.

CSP can block inline scripts (preventing most XSS), restrict form actions, prevent mixed content, and report violations. Implementation requires careful testing to avoid breaking legitimate functionality. Report-only mode helps during rollout.

Related Terms

SQL Injection
An attack where malicious SQL code is inserted into application queries through user input to access or manipulate the database.
Security Headers
HTTP response headers that instruct browsers to enable security features like XSS protection, framing prevention, and content type enforcement.
PKI (Public Key Infrastructure)
A framework of policies, hardware, and software for creating, managing, distributing, and revoking digital certificates.
CORS (Cross-Origin Resource Sharing)
A browser security mechanism that controls which web domains can access resources from another domain via HTTP requests.
Vulnerability Scanning
Automated testing that identifies known security weaknesses in systems, applications, and network infrastructure.
SIEM (Security Information and Event Management)
A platform that collects, correlates, and analyzes security events from across an organization to detect threats and incidents.
View All Security Terms โ†’