Content Security Policy (CSP) is a browser security mechanism that restricts which sources of content a web page is allowed to load or execute. It matters because script injection and unsafe content loading are much harder when the browser enforces tighter source rules.
What is Content Security Policy (CSP)?
CSP lets sites define policies for scripts, styles, images, frames, and other resources. It is often used to reduce the impact of XSS, limit unauthorized third-party content, and improve control over what a page can execute in the browser.
What Content Security Policy (CSP) Commonly Supports
Common uses include XSS impact reduction, third-party script control, safer resource loading, browser-side hardening, and reporting of policy violations.
Content Security Policy (CSP) vs. No Browser Content Policy
Without CSP, the browser applies only its own defaults (such as the same-origin policy) and no site-defined restrictions on which content may be loaded or executed. CSP adds explicit, browser-enforced boundaries that the site chooses.
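To make the contrast concrete, here is an added example (not code from the original page or from any CSP implementation) that parses a policy string the way a browser would start to, resolves the directive that governs scripts, and decides whether an external or inline script would be permitted. It also runs a small review check over the policy. The two policies, the page origin https://app.example.com and the CDN host cdn.example.com are constructed values for illustration; the evaluator is simplified (it does not model nonce or hash matching of individual scripts, or report-to).

```javascript
// Added example: minimal Content-Security-Policy parser and evaluator.
// Illustrates how directives such as script-src restrict script loading,
// how script-src falls back to default-src, and what a weak policy looks
// like next to a hardened one. Not a full implementation of the CSP spec.

// Parse "directive value value; directive value" into a Map of directive -> tokens.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers: the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Fetch directives like script-src fall back to default-src when absent.
// Returns null when the policy places no restriction on that resource type.
function effectiveSources(directives, directive) {
  if (directives.has(directive)) return directives.get(directive);
  if (directives.has('default-src')) return directives.get('default-src');
  return null;
}

function originOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.host}`;
}

// Does one source expression match a resource URL? Handles 'self', '*',
// scheme-only sources (https:), exact hosts and a leading wildcard label.
function sourceMatches(expr, resourceUrl, pageOrigin) {
  const res = new URL(resourceUrl);
  if (expr === "'self'") return originOf(resourceUrl) === pageOrigin;
  if (expr.startsWith("'")) return false; // other keywords never match a URL
  if (expr === '*') return true;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(expr)) return res.protocol.toLowerCase() === expr.toLowerCase();
  let host = expr;
  const m = expr.match(/^([a-z][a-z0-9+.-]*):\/\/(.*)$/i);
  if (m) {
    if (res.protocol.toLowerCase() !== m[1].toLowerCase() + ':') return false;
    host = m[2];
  }
  if (host.startsWith('*.')) {
    const suffix = host.slice(1).toLowerCase(); // ".example.com"
    return res.host.toLowerCase().endsWith(suffix) && res.host.length > suffix.length;
  }
  return res.host.toLowerCase() === host.toLowerCase();
}

// Would the policy let the page load an external script from resourceUrl?
function allowsExternalScript(policy, resourceUrl, pageOrigin) {
  const sources = effectiveSources(parseCsp(policy), 'script-src');
  if (sources === null) return true;
  if (sources.includes("'none'")) return false;
  return sources.some((s) => sourceMatches(s, resourceUrl, pageOrigin));
}

// Would an arbitrary inline <script> block run? This is the XSS-relevant case:
// it needs 'unsafe-inline', and a nonce or hash in the list switches that keyword off.
function allowsInlineScript(policy) {
  const sources = effectiveSources(parseCsp(policy), 'script-src');
  if (sources === null) return true;
  const hasNonceOrHash = sources.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  return sources.includes("'unsafe-inline'") && !hasNonceOrHash;
}

// Review check: the settings a defender would question first in a script policy.
function auditPolicy(policy) {
  const d = parseCsp(policy);
  const scripts = effectiveSources(d, 'script-src') || [];
  const findings = [];
  if (scripts.length === 0) findings.push('no script-src or default-src: scripts unrestricted');
  if (scripts.includes("'unsafe-inline'")) findings.push("'unsafe-inline' lets injected inline scripts run");
  if (scripts.includes("'unsafe-eval'")) findings.push("'unsafe-eval' permits string-to-code execution");
  if (scripts.includes('*') || scripts.some((s) => /^https?:$/.test(s))) findings.push('wildcard or scheme-only script source allows any host');
  if (!d.has('object-src') && !d.has('default-src')) findings.push('object-src not restricted');
  if (!d.has('base-uri')) findings.push('base-uri not set');
  return findings;
}

// Constructed sample policies: a permissive one that defeats its own purpose,
// and a hardened one restricted to the page origin plus one known CDN.
const WEAK_POLICY = "default-src 'self' 'unsafe-inline' *";
const HARDENED_POLICY =
  "default-src 'none'; script-src 'self' https://cdn.example.com; style-src 'self'; " +
  "img-src 'self' data:; object-src 'none'; base-uri 'self'";
const PAGE_ORIGIN = 'https://app.example.com'; // constructed page origin

console.log('weak policy findings:', auditPolicy(WEAK_POLICY));
console.log('hardened policy findings:', auditPolicy(HARDENED_POLICY));
```

The weak policy allows inline scripts and any host, so an injected `<script>` or a script tag pointing anywhere would run; the hardened one permits only scripts served from the page origin or the named CDN, and blocks inline scripts, which is where most XSS payloads land. The audit function is the kind of check to run against a candidate header before deploying it.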
Frequently Asked Questions
Why is CSP important?
Because it can materially reduce the damage from some script-injection and unsafe-content problems.
Does CSP fix insecure code?
No. It is a mitigation layer, not a substitute for proper application security.