
CSP (Content Security Policy) 🟢 Protection

In cybersecurity, CSP (Content Security Policy), or content security strategy, is a technique for improving the security of websites.

It is a web security mechanism that allows website administrators to specify which content sources the browser is authorised to load. It aims to prevent a wide range of attacks, including cross-site scripting (XSS), injection attacks and the execution of malicious scripts.


Benefits of CSP

  • Protection against cross-site scripting (XSS): prevents the execution of unapproved scripts.
  • Enhanced security: reduces the attack surface by restricting which external resources may be loaded.
  • Detection and reporting of intrusion attempts: CSP violations can be reported back to the site, so attempted attacks can be detected.


Example of CSP

CSP is generally implemented by sending a specific HTTP response header, the Content-Security-Policy header, containing the security directives. A typical policy might look like this, specifying that only scripts and styles from the same origin are allowed, and that images may be loaded from any HTTPS domain:

Content-Security-Policy: default-src 'self'; img-src https:; script-src 'self'; style-src 'self';
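As an added example (not part of this glossary entry), the following Python evaluator applies the rules a browser uses to decide whether a resource may load under the policy above: a fetch directive falls back to default-src when it is absent, 'self' means the page's own origin, and a scheme source such as https: matches any host on that scheme. The page origin and resource URLs are constructed sample values; real browsers also handle nonces, hashes, paths and 'unsafe-inline', which this simplified evaluator omits.

```python
from urllib.parse import urlsplit

# Fetch directives that fall back to default-src when they are not set.
FETCH_DIRECTIVES = {"script-src", "style-src", "img-src", "connect-src",
                    "font-src", "media-src", "frame-src", "object-src"}

def parse_csp(header):
    """'a b; c d;' -> {'a': ['b'], 'c': ['d']}; a repeated directive is ignored."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def _matches(source, url, page_origin):
    """Does one source expression permit this URL? (URL sources only)"""
    u, o = urlsplit(url), urlsplit(page_origin)
    source = source.lower()
    if source == "'none'":
        return False
    if source == "'self'":          # same scheme, host and port as the page
        return (u.scheme, u.hostname, u.port) == (o.scheme, o.hostname, o.port)
    if source.endswith(":"):        # scheme-source such as https: or data:
        return u.scheme == source[:-1]
    s = urlsplit(source if "://" in source else "//" + source)
    if s.scheme and s.scheme != u.scheme:  # an explicit scheme must match
        return False
    host, want = s.hostname or "", u.hostname or ""
    if host.startswith("*."):       # *.example.com matches a.example.com only
        return want.endswith(host[1:])
    return host == want and (s.port is None or s.port == u.port)

def is_allowed(header, directive, url, page_origin):
    """True if a browser would load `url` as `directive` under this policy."""
    policy = parse_csp(header)
    sources = policy.get(directive)
    if sources is None and directive in FETCH_DIRECTIVES:
        sources = policy.get("default-src")   # fallback rule
    if sources is None:                       # nothing governs it: allowed
        return True
    return any(_matches(src, url, page_origin) for src in sources)

PAGE_POLICY = "default-src 'self'; img-src https:; script-src 'self'; style-src 'self';"
ORIGIN = "https://www.example.com"   # constructed sample page origin

if __name__ == "__main__":
    for d, url in [("script-src", "https://cdn.example.net/lib.js"),
                   ("img-src", "https://images.example.net/logo.png")]:
        print(d, url, "->", is_allowed(PAGE_POLICY, d, url, ORIGIN))
```

Note that img-src https: replaces default-src entirely for images, so an http:// image from the site's own origin is blocked even though 'self' is the default elsewhere.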
