Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement to distribution of malware.
It works like this:
- a Web server sets CSP via HTTP response headers (Content-Security-Policy and X-XSS-Protection)
- a compliant Web browser will enforce the CSP set in the HTTP response header on the document loaded for the main browsing context
- the CSP can limit the origins from where stuff like images, stylesheets and of course JS can be loaded (that would run in the original browsing context!)
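Added example, not part of the original issue or of the project's code: a simplified JavaScript model of the check a compliant browser makes when a Content-Security-Policy header limits where images, stylesheets and scripts may be loaded from. The function names, the sample policy and the `*.example` origins are constructed for illustration; nonces, hashes, paths and ports are left out, and X-XSS-Protection is not modelled.

```javascript
// Simplified model of how a browser matches a resource load against a CSP.
// Covers 'none', 'self', *, scheme sources (https:) and host sources
// (https://cdn.example, *.example.com). Assumption: a host source without a
// scheme matches any scheme here; real browsers tie it to the document scheme.

function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (!name) continue;
    const key = name.toLowerCase();
    // Per the CSP spec, a duplicate directive is ignored: the first one wins.
    if (!directives.has(key)) directives.set(key, sources);
  }
  return directives;
}

function sourceMatches(source, url, documentOrigin) {
  const src = source.toLowerCase();
  if (src === "'self'") return url.origin === documentOrigin;
  if (src === '*') return ['http:', 'https:'].includes(url.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return url.protocol === src; // scheme source
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)$/.exec(src);
  if (!m) return false; // 'none' or an expression this model does not support
  const [, scheme, wildcard, host] = m;
  if (scheme && url.protocol !== scheme + ':') return false;
  return wildcard ? url.hostname.endsWith('.' + host) : url.hostname === host;
}

// directive is a fetch directive such as 'script-src', 'img-src' or 'style-src'.
function isAllowed(header, directive, resourceUrl, documentOrigin) {
  const policy = parsePolicy(header);
  // Fetch directives fall back to default-src when not listed themselves.
  const sources = policy.get(directive) ?? policy.get('default-src');
  if (sources === undefined) return true; // nothing restricts this resource type
  const url = new URL(resourceUrl, documentOrigin);
  return sources.some((s) => sourceMatches(s, url, documentOrigin));
}

// Constructed sample policy and document origin.
const POLICY = "default-src 'self'; img-src https:; script-src 'self' https://cdn.example";
const ORIGIN = 'https://app.example';
```

With this policy, `style-src` is not listed, so stylesheet loads are judged against `default-src 'self'`.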