# Content security ( CSP )

### Content Security Policy ( CSP )

CSP is a layer that helps to prevent certain types of attacks including Cross-Site Scripting ( [XSS](https://developer.mozilla.org/en-US/docs/Glossary/Cross-site_scripting)
) and data injection attacks. These types of attacks are used to deface websites and steal data.

CSP is designed to be fully backward compatible.

### How to use

Basically, there are two ways to use the CSP, First way is to set [Content-Security-Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy) in HTTP Header and the second way is to set [<meta>](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/meta) element in HTML `<head>`.

**Header Example:**

```php
<?php
	header("Content-Security-Policy: default-src 'self'");
?>
```

**HTML Example:**

```html
<meta http-equiv="Content-Security-Policy"
      content="default-src 'self'; img-src https://*; child-src 'none';">
```
