Background

Content Security Policy (CSP) is an important W3C standard aimed at preventing a broad range of content injection attacks such as cross-site scripting (XSS). It is an effective "defense in depth" technique against content injection attacks. It is a declarative policy that tells the user agent which sources are valid to load content from. Since it was introduced by Mozilla in Firefox version 4, it has been adopted as a standard and has grown in adoption and capabilities. [OWASP-CSP-CS]
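
To make "declarative policy" concrete, the following added example (not part of the original page or of any browser's code) parses a policy string and decides whether a resource URL is a valid source for a directive, roughly as a user agent would. The sample policy, host names and function names are constructed for illustration, and the matcher is simplified: ports, paths, nonces and hashes are not modelled and fail closed.

```javascript
// Added example: simplified CSP source-list evaluation (constructed sample policy).
const SAMPLE_POLICY =
  "default-src 'self'; script-src 'self' https://cdn.example.net; img-src *; object-src 'none'";

// Split the header value into a Map of directive name -> source expressions.
function parseCsp(headerValue) {
  const policy = new Map();
  for (const part of headerValue.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored; the first occurrence wins.
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

// Does one source expression match the resource URL loaded by the given page?
function matchesSource(expr, url, page) {
  const e = expr.toLowerCase();
  const scheme = url.protocol; // e.g. "https:"
  if (e === "'self'") return url.origin === page.origin;
  if (e === '*') return scheme === 'http:' || scheme === 'https:';
  if (/^[a-z][a-z0-9+.-]*:$/.test(e)) return scheme === e; // scheme-source such as "https:"
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)$/.exec(e);
  if (!m) return false; // 'none', nonces, hashes, ports, paths: treated as no match
  const [, srcScheme, wildcard, host] = m;
  // Without a scheme, accept the page's own scheme or an upgrade to https.
  const schemeOk = srcScheme
    ? scheme === srcScheme + ':'
    : scheme === page.protocol || scheme === 'https:';
  if (!schemeOk) return false;
  // "*.example.net" covers subdomains only, not example.net itself.
  return wildcard ? url.hostname.endsWith('.' + host) : url.hostname === host;
}

// Fetch directives (script-src, img-src, style-src, ...) fall back to default-src.
function isAllowed(policy, directive, resourceUrl, pageUrl) {
  const sources = policy.get(directive) ?? policy.get('default-src');
  if (sources === undefined) return true; // nothing restricts this resource type
  const url = new URL(resourceUrl);
  const page = new URL(pageUrl);
  return sources.some((s) => matchesSource(s, url, page));
}
```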

Headers

Content-Security-Policy

...

Additional Resources