CSP (Content Security Policy)
CSP is a browser-enforced security standard, delivered as an HTTP response header, that reduces the impact of XSS by restricting where scripts and other resources may be loaded from and whether inline code may run.
Updated: 2026-03-06
Definition
Content Security Policy (CSP) lets a site declare, through the Content-Security-Policy HTTP response header (or a meta tag), which sources the browser may load scripts, styles, images, frames and other resources from, directive by directive (script-src, style-src, default-src and so on).
It can block inline scripts and inline event handlers, block eval(), and prevent loading code from untrusted origins; a script injected by an attacker that does not match the policy is not executed by the browser.
Key points
- Limits the impact of XSS: injected markup may still land in the page, but scripts that are not allowlisted or do not carry the expected nonce or hash do not run. CSP complements output encoding and input validation; it does not replace them.
- Controls allowed script sources per directive. A nonce- or hash-based script-src with 'strict-dynamic' is more robust than a host allowlist, which can be bypassed through JSONP endpoints or older library versions hosted on an allowlisted origin.
- Requires careful rollout: deploy in Content-Security-Policy-Report-Only first, collect violation reports (report-uri or report-to), fix legitimate inline scripts and third-party resources that the policy flags, then switch to the enforcing header.
Common mistakes
- Deploying a strict CSP straight into enforcement, with no Report-Only phase and no violation reporting, which breaks legitimate inline scripts, styles and third-party resources and usually ends with the policy being loosened or removed.
- Using 'unsafe-inline' in script-src (or 'unsafe-eval'), which lets injected inline scripts run and removes most of the XSS protection; use nonces or hashes instead. Overly broad sources such as * or https: are a related mistake, since they allow any script on the web.