What is Content Security Policy (CSP)?
Definition
CSP is an HTTP response header (Content-Security-Policy) that tells the browser which sources a page may load each kind of resource from: scripts, styles, images, fonts, frames, network connections and more, each governed by its own directive (script-src, style-src, img-src, connect-src, and so on, with default-src as the fallback). When the policy forbids inline scripts and allows script only from a per-response nonce, a hash, or an explicit list of origins, script that an attacker injects into the page is refused by the browser even though the application failed to escape it. CSP therefore limits the impact of XSS rather than preventing the injection itself.
Why It Matters
CSP is a defense in depth against XSS, not a replacement for contextual output encoding: the injection still lands in the HTML, but the browser will not execute a script that carries no valid nonce and is not served from an allowed source. Broad host allowlists (`https:`, a whole CDN origin) are routinely bypassed through JSONP endpoints or script gadgets hosted on the allowed origin, so the recommended form is a nonce- or hash-based script-src, usually combined with 'strict-dynamic', plus object-src 'none' and base-uri 'none'. Other directives address separate threats: frame-ancestors blocks clickjacking, form-action limits where forms may submit, and upgrade-insecure-requests removes mixed content. Every site that renders user-controlled data should deploy a policy, starting in Content-Security-Policy-Report-Only mode with a report-uri or report-to endpoint so that violations can be fixed before enforcement is switched on.