What is Content Security Policy?
Updated: Apr 2
Content Security Policy (CSP) is a security framework built into the browser. CSP allows the browser to block content from sources other than those the developer lists as safe sources. CSP can limit exposure to browser-based attacks by blocking injected content such as cross-site scripts, rouge images, framing attacks, and other malcious content.
Content Security Policy (CSP) is intended to replace several browser security controls that were formerly independent of each other. These include X-Frame-Options and X-XSS-Protection headers. There are many directives within CSP and CSP requires developers to follow best-practices when writing code. This makes CSP a complex technology to implement, but CSP remains the most powerful browser-based security feature since Same Origin Policy sandboxing.
This video series explains CSP and can help you get started.