Content Security Policy (CSP)
HTTP response policy that restricts sources of active and passive content to mitigate XSS and related injection risks.
#web #security #headers
Last updated: 2025-09-07T00:00:00.000Z
Differences across sources
Parallel sources use distinct terminology or emphasize different aspects.
Review each citation to understand scope and normative intent.
Evidence
OTHER W3C CSP Level 3 Normative evidence
OTHER MDN: Content Security Policy (reference) Informative evidence
More context
CSP lets a site declare which content sources are allowed; the browser then blocks inline scripts and content from unauthorized origins, reducing injection risk.