Content Security Policy

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. Content Security Policy (CSP) is an W3C specification offering the possibility to instruct the client browser from which location and which type of resources are allowed to be loaded. To define a loading behaviour, the CSP specification use “directive” where a directive defines a loading behaviour for a target resource type.