Content Security Policy (CSP)
CSP is an added security layer that helps detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. These attacks are used for everything from defacing websites to stealing data.
CSP is designed to be fully backward compatible.
How to use
Basically, there are two ways to use CSP. The first is to send a Content-Security-Policy HTTP response header, and the second is to set a <meta> element in the HTML <head>.
Header Example:
<?php
// header() must be called before any output is sent, or the policy will not be applied.
header("Content-Security-Policy: default-src 'self'");
?>
HTML Example:
<meta http-equiv="Content-Security-Policy"
content="default-src 'self'; img-src https://*; child-src 'none';">
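As an added example (not code from the page), here is a small Python evaluator that applies the page's example policy the way a browser would: it parses the header value, falls back to default-src when a directive is absent, and matches each source expression against a resource URL. The page origin https://example.com and the resource URLs are constructed; ports, paths and keyword sources other than 'self' and 'none' are deliberately not modelled.

```python
from urllib.parse import urlparse

def parse_csp(policy):
    """Split a header value into {directive: [source expressions]}.
    A repeated directive is ignored after its first occurrence, as browsers do."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives

def source_allows(source, page_origin, url):
    """Match one source expression against a URL (simplified: ports and paths ignored)."""
    u, p = urlparse(url), urlparse(page_origin)
    host_of = lambda x: x.hostname or ""
    if source == "'none'":
        return False
    if source == "'self'":
        return (u.scheme, host_of(u)) == (p.scheme, host_of(p))
    if source == "*":
        return u.scheme in ("http", "https")  # data:/blob: need an explicit scheme source
    if "://" in source:
        scheme, host = source.lower().split("://", 1)
    elif source.endswith(":"):
        return u.scheme == source[:-1].lower()  # scheme source such as "https:"
    else:
        scheme, host = p.scheme, source.lower()  # bare host inherits the page's scheme
    if u.scheme != scheme and not (scheme == "http" and u.scheme == "https"):
        return False
    host = host.split("/")[0].split(":")[0]
    if host == "*":
        return True
    if host.startswith("*."):
        return host_of(u).endswith(host[1:])  # *.example.com does not match the apex
    return host_of(u) == host

def is_allowed(policy, directive, page_origin, url):
    """True if the policy lets `directive` load `url` from a page at `page_origin`."""
    d = parse_csp(policy)
    sources = d.get(directive, d.get("default-src"))
    if sources is None:
        return True  # neither the directive nor default-src is set: unrestricted
    return any(source_allows(s, page_origin, url) for s in sources)

# The policy from the <meta> example above, evaluated from a constructed page origin.
POLICY = "default-src 'self'; img-src https://*; child-src 'none'"
PAGE = "https://example.com"
```

With this policy, a script from https://cdn.example.net is refused because script-src falls back to default-src 'self', an image from the same host over https is accepted by img-src https://*, and any frame is refused by child-src 'none'.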