Content Security Policy

acronym

web devsecurity

Stands for: Content Security Policy (CSP)

A browser policy that restricts what a page may load and run, to blunt attacks like XSS.

A Content Security Policy lets a site declare which sources of scripts, styles, and other content are allowed, so injected malicious script is refused by the browser. It is a strong second line of defence behind proper output encoding.

Also known as: csp, content security policy

All glossary entries