Content Security Policy (CSP) aims to mitigate the risk of cross-site scripting attacks by giving developers fine-grained control over the resources a page is allowed to load, as well as the script it's allowed to execute.

- Stackoverflow.com Wiki
2 articles, 0 books.

This tutorial highlights one promising new defense that can significantly reduce the risk and impact of XSS attacks in modern browsers: Content Security Policy (CSP).


Because HTTP is an extensible protocol browsers have pioneered some useful headers to prevent or increase the difficulty of exploiting these vulnerabilities. Knowing what they are and when to apply them can help you increase the security of your system.