CSP

Content Security Policy

CSP is the acronym for Content Security Policy.

A computer security standard introduced to prevent cross-site scripting (XSS), clickjacking, and other code injection attacks resulting from the execution of malicious content in the trusted web page context. It’s a way to reduce or altogether remove the risk of these types of attacks by specifying trusted sources of content for a web page.

The CSP standard allows web administrators to send an HTTP response header, named Content-Security-Policy, specifying the sources from which the browser is allowed to load content. Any sources not explicitly mentioned in the CSP are not loaded or run by the browser. This includes scripts, styles, images, media, frames, fonts, etc.
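As an added illustration of the source allow-listing described above (example code written for this entry, not from the original page or from any browser), the following Python models how a browser resolves a directive, falls back to default-src, and matches a resource's origin against the listed sources. The policy header, page origin and URLs are constructed; nonces, hashes and the full source-expression grammar are deliberately left out.

```python
from urllib.parse import urlparse

# Constructed sample header for a page served from https://example.com
SAMPLE_POLICY = ("default-src 'self'; script-src 'self' https://cdn.example.net; "
                 "img-src *.example.com data:; object-src 'none'")
PAGE_ORIGIN = "https://example.com"

def parse_csp(header):
    """Split a CSP header into {directive: [source expressions]}."""
    policy = {}
    for chunk in header.split(";"):
        parts = chunk.split()
        if parts:
            policy[parts[0].lower()] = parts[1:]
    return policy

def source_allows(expr, url, page_origin):
    """Does one source expression permit loading url from a page at page_origin?
    Simplified: supports 'none', 'self', scheme sources (data:), host sources
    with an optional scheme/port and a leading *. wildcard. No nonces/hashes."""
    target, origin = urlparse(url), urlparse(page_origin)
    if expr == "'none'":
        return False
    if expr == "'self'":
        return (target.scheme, target.netloc) == (origin.scheme, origin.netloc)
    if expr.endswith(":"):                      # scheme source, e.g. data: or https:
        return target.scheme == expr[:-1]
    if "://" not in expr:                       # bare host inherits the page's scheme
        expr = origin.scheme + "://" + expr
    pattern = urlparse(expr)
    if pattern.scheme != target.scheme or not target.hostname:
        return False
    if pattern.port and pattern.port != target.port:
        return False
    if pattern.hostname.startswith("*."):       # *.example.com matches subdomains only
        return target.hostname.endswith(pattern.hostname[1:])
    return pattern.hostname == target.hostname

def is_allowed(policy, directive, url, page_origin=PAGE_ORIGIN):
    """Resolve the directive, falling back to default-src, then to unrestricted."""
    sources = policy.get(directive, policy.get("default-src"))
    if sources is None:
        return True                             # no directive and no default-src
    return any(source_allows(s, url, page_origin) for s in sources)

if __name__ == "__main__":
    policy = parse_csp(SAMPLE_POLICY)
    for kind, url in [("script-src", "https://cdn.example.net/lib.js"),
                      ("script-src", "https://evil.example.org/x.js"),
                      ("img-src", "https://example.com/logo.png"),
                      ("object-src", "https://example.com/plugin.swf")]:
        print(kind, url, "->", "allowed" if is_allowed(policy, kind, url) else "blocked")
```

Note that `*.example.com` does not cover `example.com` itself, so the image from the page's own origin is blocked unless `'self'` is also listed under img-src; this is how real browsers behave and is a common misconfiguration to check for.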

The concept of CSP was first proposed by Mozilla in 2004. The initial concept was intended to mitigate persistent XSS vulnerabilities, a common web security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. Over time, the concept was refined and expanded to cover more content types and provide more granular control over policies.

CSP is beneficial because it acts as an extra layer of security that can mitigate the impact of other security vulnerabilities in web applications, such as injection flaws. It doesn’t replace good coding practices or other security measures but provides an additional layer of defense.

Although support for specific features can vary, CSP is widely supported in modern browsers, including Google Chrome, Firefox, Safari, and Microsoft Edge.

  • Abbreviation: CSP