Security Intermediate

What is Content Security Policy (CSP)?

An HTTP security header that controls which resources a browser is allowed to load for a web page, preventing XSS and data injection.

CSP tells browsers which sources are trusted for scripts, styles, images, fonts, and other resources. For example, script-src 'self' cdn.example.com only allows scripts from the same origin and cdn.example.com.

CSP can block inline scripts (preventing most XSS), restrict form actions, prevent mixed content, and report violations. Implementation requires careful testing to avoid breaking legitimate functionality. Report-only mode helps during rollout.
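To make the directive mechanics concrete, here is an added example (not code from the original glossary page) of a simplified CSP source-list evaluator, the kind of check a browser performs before loading a resource. It parses a header value, falls back to default-src when a fetch directive is absent, honours 'self', 'none', '*', host sources and *.wildcards, and treats inline scripts as blocked unless 'unsafe-inline' is present. The policy strings, host names and page origin are constructed for illustration; port handling, nonces, hashes and scheme-only sources are deliberately left out.

```python
# Added example (not from the original page): a simplified evaluator for
# CSP source lists. Policies and host names below are constructed.
from urllib.parse import urlparse

# Two constructed header values: a permissive one and a tightened one.
WEAK_CSP = "default-src * 'unsafe-inline'"
STRICT_CSP = ("default-src 'self'; script-src 'self' cdn.example.com; "
              "img-src *; form-action 'self'")

# Header names used for enforcement and for report-only rollout.
ENFORCE_HEADER = "Content-Security-Policy"
REPORT_ONLY_HEADER = "Content-Security-Policy-Report-Only"


def parse_csp(header: str) -> dict:
    """Split 'directive src src; directive src' into {directive: [sources]}."""
    policy = {}
    for clause in header.split(";"):
        tokens = clause.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def _applicable_sources(policy: dict, directive: str):
    """Fetch directives fall back to default-src when not set explicitly."""
    if directive in policy:
        return policy[directive]
    return policy.get("default-src")


def _host_source_matches(source: str, resource, page) -> bool:
    """Match a host source (cdn.example.com, *.example.com,
    https://cdn.example.com) against a parsed resource URL (simplified)."""
    if source == "*":
        return True
    if resource.hostname is None:
        return False  # data:/blob: style URLs never match a host source
    if "://" in source:
        parsed = urlparse(source)
        scheme, host = parsed.scheme, parsed.hostname
    else:
        scheme, host = None, source
    if scheme and scheme != resource.scheme:
        return False
    # A scheme-less host source matches the page's scheme (or an https upgrade).
    if not scheme and resource.scheme not in (page.scheme, "https"):
        return False
    if host.startswith("*."):
        return resource.hostname.endswith(host[1:])
    return resource.hostname == host


def allows(policy: dict, directive: str, resource_url: str, page_origin: str) -> bool:
    """Return True if the page may load resource_url under the given directive."""
    sources = _applicable_sources(policy, directive)
    if sources is None:
        return True  # no directive applies: the browser does not restrict
    if sources == ["'none'"]:
        return False
    resource = urlparse(resource_url)
    page = urlparse(page_origin)
    for src in sources:
        if src == "'self'":
            if resource.scheme == page.scheme and resource.hostname == page.hostname:
                return True
        elif src.startswith("'"):
            continue  # keywords such as 'unsafe-inline' do not allow hosts
        elif _host_source_matches(src, resource, page):
            return True
    return False


def allows_inline(policy: dict, directive: str) -> bool:
    """Inline scripts/styles run only if the applicable list has 'unsafe-inline'."""
    sources = _applicable_sources(policy, directive)
    return sources is not None and "'unsafe-inline'" in sources


def response_headers(policy_header: str, report_only: bool) -> dict:
    """Build the header for rollout: report-only first, then enforcing."""
    name = REPORT_ONLY_HEADER if report_only else ENFORCE_HEADER
    return {name: policy_header}


if __name__ == "__main__":
    page = "https://example.com"
    for label, header in (("weak", WEAK_CSP), ("strict", STRICT_CSP)):
        pol = parse_csp(header)
        print(label, "cdn script:", allows(pol, "script-src", "https://cdn.example.com/app.js", page))
        print(label, "foreign script:", allows(pol, "script-src", "https://evil.example.net/x.js", page))
        print(label, "inline script:", allows_inline(pol, "script-src"))
    print(response_headers(STRICT_CSP, report_only=True))
```

Running the block shows why the weak policy offers no XSS protection (any host and inline code are allowed) while the strict one confines scripts to the origin and cdn.example.com, lets styles fall through to default-src 'self', and still permits images from anywhere via img-src *. Shipping the same policy string under Content-Security-Policy-Report-Only first surfaces violations without blocking anything, which is the rollout step the definition above recommends.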

Related Terms

Security Headers
HTTP response headers that instruct browsers to enable security features like XSS protection, framing prevention, and content type enforcement.
Phishing
A social engineering attack that uses fraudulent communications to trick people into revealing sensitive information or installing malware.
OWASP Top 10
A regularly updated list of the ten most critical web application security risks, published by the Open Web Application Security Project.
PKI (Public Key Infrastructure)
A framework of policies, hardware, and software for creating, managing, distributing, and revoking digital certificates.
Firewall Rules
Configuration entries that define which network traffic is allowed or blocked based on source, destination, port, and protocol.
RBAC (Role-Based Access Control)
An access control model where permissions are assigned to roles, and users are assigned to roles rather than getting permissions directly.