What is Content Security Policy (CSP)

Content Security Policy (CSP) is a browser security feature introduced to help prevent attacks such as Cross-Site Scripting (XSS) and data injection. CSP allows web developers to define a set of rules that specify which content sources are considered trusted and therefore permitted to load or execute in a web application.

By implementing a CSP, developers can control where resources can be loaded from, which can significantly reduce the risk of malicious content being executed in the browser. This policy is enforced by the browser, leading to safer web experiences.

Examples of directives that can be included in a CSP are:

  • default-src: Defines the default policy for fetching resources such as scripts, images, and stylesheets.
  • script-src: Specifies valid sources for JavaScript.
  • style-src: Defines valid sources for stylesheets.

Here is an example of a simple CSP declaration:

Content-Security-Policy: default-src 'self'; script-src 'self' https://trusted.com;
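As an added example (not from the original page), the declaration above is evaluated the way a browser would: a small parser that handles 'self', host, wildcard and scheme sources and applies the default-src fallback for directives that are not set. Port and path matching are assumed out of scope and omitted.

```python
from urllib.parse import urlparse


def parse_csp(header: str) -> dict[str, list[str]]:
    """Split a Content-Security-Policy header value into {directive: [sources]}.

    Directives are separated by ';'; the first occurrence of a directive wins,
    because browsers ignore later duplicates of the same directive.
    """
    policy: dict[str, list[str]] = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def _host_source_matches(src: str, page_scheme: str, resource) -> bool:
    """Match a host-source ('https://trusted.com', '*.cdn.example') or a
    scheme-source ('https:') against a parsed resource URL (no port/path checks)."""
    if src.endswith(":") and "//" not in src:            # scheme-source, e.g. https:
        return resource.scheme == src[:-1].lower()
    scheme, _, host = src.rpartition("://")
    host = host.split("/", 1)[0].split(":", 1)[0].lower()   # drop any path and port
    if scheme and resource.scheme != scheme.lower():
        return False
    if not scheme and resource.scheme not in ("https", page_scheme):
        return False                                      # bare hosts inherit the page scheme
    target = (resource.hostname or "").lower()
    if host.startswith("*."):
        return target.endswith(host[1:])                  # wildcard matches subdomains only
    return target == host


def source_allowed(policy: dict[str, list[str]], directive: str,
                   page_origin: str, resource_url: str) -> bool:
    """Decide whether resource_url may be fetched under `directive`.

    A missing fetch directive falls back to default-src; if neither is present
    the browser applies no restriction and the load is allowed.
    """
    sources = policy.get(directive, policy.get("default-src"))
    if sources is None:
        return True
    page, resource = urlparse(page_origin), urlparse(resource_url)
    for src in sources:
        if src == "'self'":
            if (resource.scheme, resource.hostname) == (page.scheme, page.hostname):
                return True
        elif src == "*" and resource.scheme in ("http", "https"):
            return True
        elif src.startswith("'"):
            continue  # 'none', 'unsafe-inline', nonces and hashes never match a URL
        elif _host_source_matches(src, page.scheme, resource):
            return True
    return False
```

With the policy from the page, a script from https://trusted.com is allowed, a script from any other host is blocked, and an image request, which has no img-src directive, is governed by default-src 'self'.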
