Content-Security-Policy (CSP) directives are defense-in-depth controls that can be used to protect against code injection. Using them requires a website to be designed or refactored with CSP in mind.
When used, their presence indicates a company has a good cyber security posture. A properly configured Content-Security-Policy (CSP) can help prevent cross-site scripting (XSS) attacks by restricting the origins of JavaScript, CSS, and other potentially dangerous resources.
The absence of CSP directives does not automatically make a website or service exploitable.
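As an added illustration (not part of the original article or any vendor's scanner), the sketch below parses a CSP header value and reports whether scripts and styles are actually restricted. The set of sources treated as weak and the wording of the findings are assumptions of this example; the header values are constructed.

```python
# Added example: audits a Content-Security-Policy header value.
# Finding wording and the WEAK_SOURCES set are choices made for this example.
WEAK_SOURCES = {"'unsafe-inline'", "'unsafe-eval'", "*", "data:", "http:", "https:"}
HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(header_value):
    """Parse a CSP header value into {directive: [source, ...]}.

    Directive names are case-insensitive, and when a directive is
    repeated only its first occurrence is used.
    """
    policy = {}
    for part in header_value.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def audit_csp(header_value):
    """Return findings about how well the policy restricts scripts and styles."""
    if header_value is None or not header_value.strip():
        return ["no Content-Security-Policy header present"]
    policy = parse_csp(header_value)
    findings = []
    for directive in ("script-src", "style-src"):
        # Fetch directives that are absent fall back to default-src.
        sources = policy.get(directive, policy.get("default-src"))
        if sources is None:
            findings.append(f"{directive}: unrestricted (no {directive} or default-src)")
            continue
        lowered = [s.lower() for s in sources]
        strict = any(s.startswith(HASH_OR_NONCE) for s in lowered)
        for source in lowered:
            # Browsers ignore 'unsafe-inline' when a nonce or hash is listed.
            if source == "'unsafe-inline'" and strict:
                continue
            if source in WEAK_SOURCES:
                findings.append(f"{directive}: weak source {source}")
    return findings


if __name__ == "__main__":
    # Constructed header values, not taken from any real site.
    for sample in (None, "default-src 'self'",
                   "default-src 'self'; script-src 'self' 'unsafe-inline'",
                   "script-src 'nonce-r4nd0m' 'unsafe-inline'; style-src *"):
        print(repr(sample), "->", audit_csp(sample))
```

A finding here marks a missing layer of defense, not a confirmed vulnerability.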
Required for:
- HTTP/1.1
- HTTP/1.0
Resources
November 21, 2019: Published.