Content Security Policy and Modern Web Security
Content Security Policy (CSP) is a set of browser-enforced rules that tell a page where it may load resources from. It helps reduce cross-site scripting (XSS) and other injection risks. With many sites moving to dynamic content, CSP is a key part of modern web security. It works best when combined with HTTPS and careful coding practices.

A CSP can be delivered in an HTTP response header named Content-Security-Policy or, in simple cases, in a meta tag. The header is widely supported and applies to all subresources. A common starting point is a policy that limits all loads to the site's own origin: default-src 'self'. From there, teams add sources for scripts, styles, images, and fonts. ...
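As an added example (not code from the original page), the following Python evaluator parses a policy built from the starting point above and shows how a missing script-src, img-src or font-src falls back to default-src, and how 'self' is matched against the page's origin. It is a deliberate simplification: it assumes only the 'self' and 'none' keywords and scheme://host sources; nonces, hashes, wildcards and scheme-only sources are out of scope.

```python
from urllib.parse import urlparse

# Fetch directives that fall back to default-src when they are not listed.
FETCH_DIRECTIVES = {"script-src", "style-src", "img-src", "font-src",
                    "connect-src", "object-src", "media-src", "frame-src"}


def parse_csp(header: str) -> dict:
    """Turn 'dir src src; dir src' into {directive: [sources]}, lower-cased."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return policy


def origin_of(url: str) -> str:
    """scheme://host[:port] of a URL, the unit CSP host-sources compare against."""
    parsed = urlparse(url)
    return f"{parsed.scheme}://{parsed.netloc}".lower()


def is_allowed(policy: dict, directive: str, resource_url: str, page_url: str) -> bool:
    """Would a load governed by `directive` from resource_url be permitted on page_url?"""
    sources = policy.get(directive)
    if sources is None and directive in FETCH_DIRECTIVES:
        sources = policy.get("default-src")  # the fallback described in the text
    if sources is None:
        return True  # no applicable directive: the browser imposes no restriction
    if "'none'" in sources:
        return False
    resource_origin = origin_of(resource_url)
    for src in sources:
        if src == "'self'" and resource_origin == origin_of(page_url):
            return True
        if "://" in src and src == resource_origin:  # explicit host-source (assumed form)
            return True
    return False


# Constructed sample policy and page, not taken from any real site.
SAMPLE_POLICY = parse_csp(
    "default-src 'self'; script-src 'self' https://cdn.example.com; object-src 'none'"
)
SAMPLE_PAGE = "https://example.com/index.html"

if __name__ == "__main__":
    for directive, url in [("script-src", "https://cdn.example.com/app.js"),
                           ("img-src", "https://cdn.example.com/logo.png")]:
        print(directive, url, is_allowed(SAMPLE_POLICY, directive, url, SAMPLE_PAGE))
```

Note that images from the CDN are refused even though scripts are allowed, because img-src is absent and inherits default-src 'self'; that inheritance is the usual surprise when a team first tightens a policy.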