Glossary

CONTENT SECURITY POLICY / CSP
defined.

An HTTP response header that constrains which sources of scripts, styles, and other resources a browser will execute.

A–Z

What is Content Security Policy (CSP)?

CSP is the strongest browser-side defence against XSS. Modern policies use strict-dynamic with a per-request nonce: only nonced inline scripts run, and dynamically inserted scripts inherit trust from their loader.

Related terms.

Cross-Site Scripting (XSS)
Subresource Integrity (SRI)
HTTP Strict Transport Security (HSTS)
Cross-Origin Resource Sharing (CORS)

Where this shows up.

See our web application penetration testing, API security testing, network penetration testing, and cloud security audit services for how we test for and defend against this class of issue.

Test for this in your stack

BOOK A FREE
scoping call.

30-minute call with an OSCP-certified engineer. Tailored proposal in 24 hours.

Book Free Scoping Call →All Services

CONTENT SECURITY POLICY / CSPdefined.

What is Content Security Policy (CSP)?

Related terms.

Where this shows up.

BOOK A FREEscoping call.

CONTENT SECURITY POLICY / CSP
defined.

BOOK A FREE
scoping call.