application-security
CSP
Content Security Policy
Definition
CSP is an HTTP response header that instructs browsers to load resources only from approved sources, significantly reducing the risk of XSS and data injection attacks. A strict policy can block inline scripts, restrict script sources to specific domains, and prevent clickjacking via the frame-ancestors directive.
Deploying CSP requires careful inventory of all resource origins to avoid breaking legitimate functionality.