Content Security Policy (CSP): An Allowlist for Browser Resources

Content Security Policy is an allowlist you send to the browser, dictating which scripts, styles, and images are safe to load. It's a primary defense against XSS attacks by blocking unauthorized resources.
Content Security Policy (CSP) is an allowlist you send with your site's responses, telling the browser which domains are trusted sources for scripts, styles, and images. This is a powerful defense against Cross-Site Scripting (XSS) because it prevents the browser from executing malicious code injected from untrusted origins. It can also be used to prevent clickjacking and enforce HTTPS. The main footgun is a misconfigured policy: too strict and you break your own site; too permissive and you gain no real security.
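To make the allowlist behaviour concrete, here is an added example (not code from MDN or the original page): a small, deliberately simplified evaluator for a Content-Security-Policy header, run against a constructed too-permissive policy and a constructed tighter one for a hypothetical page on `https://app.example.com`. It handles only `'self'`, `'none'`, `'unsafe-inline'`, `*`, host expressions with an optional scheme and wildcard subdomain, and the fallback from `<type>-src` to `default-src`; real browsers also implement nonces, hashes, `'strict-dynamic'`, ports and paths.

```javascript
// Added example, not from MDN or the original page. A minimal CSP evaluator:
// parse the header into directives, then decide whether one resource may load.

function parsePolicy(header) {
  const policy = {};
  for (const directive of header.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name) policy[name.toLowerCase()] = sources;
  }
  return policy;
}

// Does one source expression match a resource URL, given the page's origin?
function sourceMatches(expr, url, pageOrigin) {
  if (expr.startsWith("'")) return expr === "'self'" && url.origin === pageOrigin;
  if (expr === '*') return true;
  const [scheme, host] = expr.includes('://') ? expr.split('://') : [null, expr];
  if (scheme && `${scheme}:` !== url.protocol) return false;
  if (host.startsWith('*.')) return url.hostname.endsWith(host.slice(1));
  return url.hostname === host;
}

// May a resource of `type` ('script' | 'style' | 'img') load under `header`?
// `source` is a URL string, or 'inline' for inline <script>/<style> content.
function isAllowed(header, type, source, pageOrigin) {
  const policy = parsePolicy(header);
  const sources = policy[`${type}-src`] || policy['default-src']; // fallback
  if (!sources || sources.includes("'none'")) return false;
  if (source === 'inline') return sources.includes("'unsafe-inline'");
  const url = new URL(source);
  return sources.some((expr) => sourceMatches(expr, url, pageOrigin));
}

// Constructed sample policies for a page served from https://app.example.com.
const PAGE_ORIGIN = 'https://app.example.com';
// The permissive footgun: any host plus inline code, which is exactly what an
// injected <script> needs. The header is present but blocks nothing useful.
const WEAK_CSP = "default-src *; script-src * 'unsafe-inline'";
// The allowlist done properly: own origin plus one CDN for scripts, a wildcard
// subdomain for images, no framing (clickjacking), and an HTTPS upgrade.
const STRICT_CSP =
  "default-src 'self'; script-src 'self' cdn.example.com; " +
  "img-src 'self' https://*.example.com; frame-ancestors 'none'; " +
  'upgrade-insecure-requests';

for (const [label, csp] of [['weak', WEAK_CSP], ['strict', STRICT_CSP]]) {
  console.log(label, 'inline script allowed:', isAllowed(csp, 'script', 'inline', PAGE_ORIGIN));
  console.log(label, 'third-party script allowed:', isAllowed(csp, 'script', 'https://third-party.example.net/x.js', PAGE_ORIGIN));
}
```

Note the style case: the strict policy has no `style-src`, so a stylesheet from the CDN falls back to `default-src 'self'` and is blocked, which is the "too strict and you break your own site" failure the text warns about.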
Read the original → developer.mozilla.org
- #security
- #web
- #http
- #xss