Content security (CSP)

Content Security Policy (CSP)

CSP is an additional layer of defence that helps detect and mitigate certain classes of attack, including Cross-Site Scripting (XSS) and data injection. It works by telling the browser which origins are trusted sources of scripts, images, frames and other content, so injected markup that points elsewhere is refused. These attacks are used to deface websites and steal data, and CSP limits the damage even when an injection bug slips through; it is not a replacement for output encoding and input validation.

CSP is designed to be fully backward compatible: a browser that does not understand it ignores the policy and falls back to the normal same-origin rules, and a site that does not send one keeps working in every browser.

How to use

There are two ways to deliver a CSP. The first is to send it in the Content-Security-Policy HTTP response header; the second is to embed it in a <meta http-equiv> element in the HTML <head>. The header is preferred: it covers the whole response and supports every directive.

Header Example (PHP):

    <?php
    // Send the policy before any output is written; header() fails once the body has started.
    header("Content-Security-Policy: default-src 'self'");

HTML Example:

<meta http-equiv="Content-Security-Policy"
      content="default-src 'self'; img-src https://*; child-src 'none';">

Place the <meta> element as early as possible in <head>, before any <script>, because content loaded before the browser parses it is not governed by the policy. Some directives only work in the header form: frame-ancestors, report-uri and sandbox are ignored when delivered via <meta>, so clickjacking protection and violation reporting need the HTTP header. Note also that child-src now acts as a fallback for the more specific frame-src and worker-src directives.
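To make the two examples above concrete, here is a small model of how a browser resolves a policy and decides whether a load is allowed. This is an added example, not code from the original post: it parses a policy string, applies the default-src fallback that lets `default-src 'self'` govern scripts, styles and images, matches `'self'`, `'none'`, scheme sources such as `https:`, and host sources such as `https://*` or `*.cdn.example`, and lists the directives that silently do nothing in a `<meta>` policy. The page origin, policy strings and URLs are constructed sample input; nonces, hashes and path matching are deliberately left out.

```javascript
// Added example: a simplified model of CSP resolution (not a browser implementation).
// Sample policies, origins and URLs below are constructed for illustration.

// Fetch directives that fall back to default-src when they are not set explicitly.
const FALLS_BACK_TO_DEFAULT = new Set([
  "script-src", "style-src", "img-src", "font-src", "connect-src", "media-src",
  "object-src", "child-src", "frame-src", "worker-src", "manifest-src",
]);

// Directives that have no effect when the policy is delivered in <meta http-equiv>.
const META_IGNORED = new Set(["frame-ancestors", "report-uri", "sandbox"]);

// Parse "default-src 'self'; img-src https://*" into Map(directive -> [source expressions]).
function parsePolicy(policy) {
  const directives = new Map();
  for (const raw of policy.split(";")) {
    const tokens = raw.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1)); // first occurrence wins
  }
  return directives;
}

// Source list that governs a directive, or null when the policy does not restrict it.
function effectiveSources(directives, directive) {
  if (directives.has(directive)) return directives.get(directive);
  if (FALLS_BACK_TO_DEFAULT.has(directive) && directives.has("default-src")) {
    return directives.get("default-src");
  }
  return null;
}

// Does a single source expression match the URL being loaded from a page at pageOrigin?
function sourceMatches(expr, url, pageOrigin) {
  const e = expr.toLowerCase();
  const pageScheme = new URL(pageOrigin).protocol;
  if (e === "'none'") return false;
  if (e === "'self'") return url.origin === pageOrigin;
  if (e === "*") return /^(https?|wss?):$/.test(url.protocol); // network schemes, not data:/blob:
  if (/^[a-z][a-z0-9+.-]*:$/.test(e)) return url.protocol === e; // scheme-source, e.g. "https:"
  // host-source: [scheme://]host[:port]; host may be "*" or "*.suffix". Paths are ignored here.
  const m = e.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*|\*\.[^:/]+|[^:/*]+)(?::(\d+|\*))?(\/.*)?$/);
  if (!m) return false;
  const [, scheme, hostPat, port] = m;
  if (scheme) {
    if (url.protocol !== scheme + ":") return false;
  } else if (url.protocol !== pageScheme && !(pageScheme === "http:" && url.protocol === "https:")) {
    return false; // no scheme given: page scheme, or https upgrade from an http page
  }
  const host = url.hostname.toLowerCase();
  if (hostPat !== "*") {
    if (hostPat.startsWith("*.")) {
      if (!host.endsWith(hostPat.slice(1))) return false; // "*.cdn.example" needs a subdomain
    } else if (host !== hostPat) {
      return false;
    }
  }
  if (port && port !== "*") {
    const actual = url.port || (url.protocol === "https:" ? "443" : "80");
    if (actual !== port) return false;
  }
  return true;
}

// Would a browser at pageOrigin, under this policy, allow `directive` to load resourceUrl?
function isAllowed(policy, directive, resourceUrl, pageOrigin) {
  const sources = effectiveSources(parsePolicy(policy), directive);
  if (sources === null) return true;
  const url = new URL(resourceUrl);
  return sources.some((expr) => sourceMatches(expr, url, pageOrigin));
}

// Directives in a policy that a <meta> delivery would silently drop.
function metaIgnoredDirectives(policy) {
  return [...parsePolicy(policy).keys()].filter((d) => META_IGNORED.has(d));
}

// Constructed sample input mirroring the two examples in the post.
const PAGE = "https://app.example";
const HEADER_POLICY = "default-src 'self'";
const META_POLICY = "default-src 'self'; img-src https://*; child-src 'none';";

console.log(isAllowed(HEADER_POLICY, "script-src", "https://cdn.evil.example/x.js", PAGE)); // false
console.log(isAllowed(META_POLICY, "img-src", "https://images.example/a.png", PAGE));       // true
console.log(metaIgnoredDirectives("default-src 'self'; frame-ancestors 'none'"));         // ["frame-ancestors"]
```

The second console line is the reason `img-src https://*` is a weaker setting than it looks: any HTTPS host is accepted, so an attacker who can inject an `<img>` tag can still exfiltrate data in the URL of a request to a server they control.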