In cybersecurity, CSP (Content Security Policy) is a technique for improving the security of websites.
It is a web security mechanism that lets website administrators specify which content sources the browser is allowed to load. It aims to prevent a range of attacks, including cross-site scripting (XSS), content injection and the execution of malicious scripts.
Benefits of CSP
- Protection against cross-site scripting (XSS): prevents the execution of unapproved scripts.
- Enhanced security: reduces the attack surface by restricting which external resources may be loaded.
- Detection and reporting of intrusion attempts: CSP violations can be reported, so attempted attacks can be detected.
Example of CSP
CSP is generally implemented by sending a specific HTTP response header, Content-Security-Policy, whose value defines the security directives. A typical policy might look like this, specifying that only scripts and styles from the same origin are allowed, as well as images from any HTTPS source:
Content-Security-Policy: default-src 'self'; img-src https:; script-src 'self'; style-src 'self';
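To show how a browser interprets the directives above, here is an added example (not code from the original page) of a minimal evaluator for CSP fetch directives: it parses the header value and decides whether a resource of a given type from a given URL would be loaded, including the fallback to default-src. The page URL and resource URLs are constructed sample values; nonces, hashes, wildcards and path matching are left out.

```javascript
// Added example, not the page's own code: a minimal evaluator for CSP fetch
// directives that parses a Content-Security-Policy header value and answers
// "would the browser load this resource?". It supports 'none', 'self',
// scheme sources (https:), exact host sources and the default-src fallback.
// Nonces, hashes, wildcards and path matching are deliberately out of scope.

function parsePolicy(headerValue) {
  const policy = new Map();
  for (const part of headerValue.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;        // tolerates a trailing ';'
    const [name, ...sources] = tokens;
    // A repeated directive is ignored by browsers: the first occurrence wins.
    if (!policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

function sourceMatches(source, resource, page) {
  if (source === "'none'") return false;
  if (source === "'self'") {
    // Same scheme, host and port as the document that carries the policy.
    return resource.protocol === page.protocol && resource.host === page.host;
  }
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) {
    // Scheme source such as "https:" allows any host over that scheme.
    return resource.protocol === source.toLowerCase();
  }
  // Host source; a bare host (no scheme) is assumed to use the page's scheme.
  try {
    const allowed = new URL(source.includes("://") ? source : `${page.protocol}//${source}`);
    return allowed.protocol === resource.protocol && allowed.host === resource.host;
  } catch {
    return false;                              // unparsable source never matches
  }
}

// directive is a fetch directive name such as "script-src" or "img-src".
function isAllowed(headerValue, directive, resourceUrl, pageUrl) {
  const policy = parsePolicy(headerValue);
  const resource = new URL(resourceUrl);
  const page = new URL(pageUrl);
  // Fetch directives fall back to default-src when not set explicitly.
  const sources = policy.get(directive) ?? policy.get("default-src");
  if (sources === undefined) return true;      // nothing restricts it: browser default applies
  return sources.some((s) => sourceMatches(s, resource, page));
}

// The policy from the page above; PAGE is a constructed sample document URL.
const POLICY = "default-src 'self'; img-src https:; script-src 'self'; style-src 'self';";
const PAGE = "https://www.example.com/";
console.log(isAllowed(POLICY, "script-src", "https://cdn.example.net/lib.js", PAGE)); // false
```

Note that connect-src is not set in this policy, so XHR and fetch calls inherit default-src 'self' and are blocked for any third-party host.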