Content Security Policy (CSP)

CSP is an added layer of security for the web that helps detect and mitigate certain types of attacks, such as cross-site scripting (XSS) and data injection attacks.

To enable CSP, the web server is configured to return the Content-Security-Policy header in its responses. The header has the following form:

Content-Security-Policy: {policy}

A policy is described by a series of directives, separated by semicolons, that mainly constrain which resources (scripts, images, styles, and so on) a page is allowed to load and from where.

Example: allow content to come only from the site's own origin, from example.com, and from all subdomains of example.com

Content-Security-Policy: default-src 'self' example.com *.example.com
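To make the matching rules behind that header concrete, here is an added example (my own code, not part of the original page) that parses a Content-Security-Policy header into its directives and decides whether a given resource load would be permitted. It covers the source forms the page uses ('self', a bare host, and a *.example.com wildcard) plus 'none', explicit schemes and ports, and the browser's fallback to default-src when a more specific directive such as script-src is absent. Nonces, hashes and 'unsafe-inline' are deliberately left out. The page origin and the second script-src directive in SAMPLE_POLICY are constructed for the demonstration.

```python
from urllib.parse import urlparse

# Constructed sample header: the page's own example, extended with a
# script-src directive so the fallback to default-src can be shown.
SAMPLE_POLICY = "default-src 'self' example.com *.example.com; script-src 'self'"

DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_csp(header):
    """Split a CSP header into {directive-name: [source expressions]}."""
    policy = {}
    for directive in header.split(";"):
        tokens = directive.split()
        if not tokens:
            continue
        name, *sources = tokens
        policy[name.lower()] = sources
    return policy


def _effective_port(url):
    """Explicit port if present, otherwise the scheme's default port."""
    return url.port if url.port is not None else DEFAULT_PORTS.get(url.scheme)


def _host_source_allows(expr, page, resource):
    """Match a host-source such as example.com, *.example.com or https://cdn.example.com:8443."""
    pattern = urlparse(expr if "://" in expr else "//" + expr)
    host = pattern.hostname or ""
    # Scheme: a scheme named in the source must match exactly; otherwise the
    # resource must use the page's scheme (an http page may also load https).
    if pattern.scheme:
        if resource.scheme != pattern.scheme:
            return False
    elif resource.scheme != page.scheme and not (
        page.scheme == "http" and resource.scheme == "https"
    ):
        return False
    # Host: a leading "*." matches any subdomain but not the bare domain itself,
    # so *.example.com allows cdn.example.com but neither example.com nor
    # example.com.evil.test.
    if host.startswith("*."):
        if not (resource.hostname or "").endswith(host[1:]):
            return False
    elif resource.hostname != host:
        return False
    # Port: an explicit port must match; otherwise the resource must be on the
    # default port for its scheme.
    if pattern.port is not None:
        return _effective_port(resource) == pattern.port
    return _effective_port(resource) == DEFAULT_PORTS.get(resource.scheme)


def source_allows(expr, page, resource):
    """Evaluate one source expression against a parsed page origin and resource URL."""
    low = expr.lower()
    if low == "'none'":
        return False
    if low == "'self'":
        # Same scheme, host and effective port as the document's origin.
        return (resource.scheme, resource.hostname, _effective_port(resource)) == (
            page.scheme, page.hostname, _effective_port(page)
        )
    if low == "*":
        return True  # any host; the spec's exclusion of data:/blob: is ignored here
    if low.startswith("'"):
        return False  # keyword sources ('unsafe-inline', nonces, hashes) are not handled
    return _host_source_allows(low, page, resource)


def resource_allowed(policy, directive, page_origin, resource_url):
    """Decide whether a load governed by `directive` (e.g. img-src) is permitted,
    falling back to default-src when that directive is absent, as browsers do."""
    sources = policy.get(directive, policy.get("default-src"))
    if sources is None:
        return True  # the policy places no restriction on this resource type
    page, resource = urlparse(page_origin), urlparse(resource_url)
    return any(source_allows(s, page, resource) for s in sources)


if __name__ == "__main__":
    policy = parse_csp(SAMPLE_POLICY)
    page = "https://mysite.test"  # constructed page origin
    checks = [
        ("img-src", "https://mysite.test/logo.png"),
        ("img-src", "https://cdn.example.com/a.png"),
        ("img-src", "https://example.com.evil.test/a.png"),
        ("script-src", "https://cdn.example.com/a.js"),
    ]
    for directive, url in checks:
        verdict = "allowed" if resource_allowed(policy, directive, page, url) else "blocked"
        print(f"{directive:11} {url:40} {verdict}")
```

Running it shows why the wildcard matters: images may come from any subdomain of example.com under default-src, but a script from cdn.example.com is blocked because the more specific script-src only lists 'self' and does not inherit the default-src list. A look-alike host such as example.com.evil.test is rejected because the wildcard only matches hosts ending in ".example.com".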