Content Security Policy (CSP)
Content Security Policy (CSP) is an HTTP response header (or equivalent meta tag) that tells the browser which origins may supply scripts, styles, images, frames and other resources for a page. Anything not allowed by the policy, including scripts injected through a cross-site scripting (XSS) flaw, is blocked from running.
- Limits the impact of XSS: inline scripts and scripts from unlisted origins do not execute. It is a defence-in-depth layer, not a replacement for output encoding.
- Supports a report-only mode (the Content-Security-Policy-Report-Only header) that reports violations without blocking anything, so a policy can be tested in production before it is enforced.
- Usually combined with nonces or hashes so that specific inline scripts can be allowed without falling back to the broad 'unsafe-inline' source.