What is Content-Security-Policy (CSP)?

Ingrid

Content-Security-Policy (CSP) directives are in-depth controls that can be used to protect against code injection. Using CSP requires a website to be designed or refactored with CSP in mind.

When used, their presence indicates a company has a good cyber security posture. A properly configured Content-Security-Policy (CSP) can help prevent cross-site scripting (XSS) attacks by restricting the origins of JavaScript, CSS, and other potentially dangerous resources.

The absence of CSP directives does not automatically make a website or service exploitable.

Required for: HTTP/1.1, HTTP/1.0

Resources
Mozilla: Content-Security-Policy
W3 “Content Security Policy Level 2” December 15, 2016

November 21, 2019: Published.
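
The restriction of script origins described above, as an added example that is not part of the original article: a simplified JavaScript check of which script URLs a policy would allow, and which settings weaken that restriction. The sample policies, the example.com hosts and all function names are assumptions made for illustration.

```javascript
// Added example: simplified CSP checks, not a full CSP Level 2 implementation.
// Constructed sample policies; the example.com hosts are placeholders.
const WEAK = "default-src *; script-src 'self' 'unsafe-inline' https:";
const STRICT = "default-src 'none'; script-src 'self' https://cdn.example.com";

// Parse a policy into a Map: directive name -> list of source expressions.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

// script-src falls back to default-src when it is absent.
const scriptSources = (policy) => policy.get("script-src") ?? policy.get("default-src");

// Would an external script at `url` load on a page served from `pageOrigin`?
// Simplification: sources carrying a port or path are treated as non-matching.
function allowsScript(policy, url, pageOrigin) {
  const sources = scriptSources(policy);
  if (sources === undefined) return true; // no directive: nothing is restricted
  const target = new URL(url);
  return sources.some((src) => {
    const s = src.toLowerCase();
    if (s === "*") return true;
    if (s === "'self'") return target.origin === pageOrigin;
    if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return target.protocol === s; // e.g. https:
    const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)$/.exec(s);
    if (!m) return false; // keywords ('none', nonces, hashes) never match by URL
    if (m[1] && target.protocol !== m[1] + ":") return false;
    return m[2] ? target.hostname.endsWith("." + m[3]) : target.hostname === m[3];
  });
}

// Flag settings that undo the restriction on script origins.
function auditCsp(header) {
  const sources = scriptSources(parseCsp(header));
  if (sources === undefined) return ["no script-src or default-src: scripts unrestricted"];
  const lower = sources.map((s) => s.toLowerCase());
  const findings = [];
  // Browsers ignore 'unsafe-inline' when a nonce or hash source is present.
  const nonceOrHash = lower.some((s) => /^'(nonce|sha(256|384|512))-/.test(s));
  if (lower.includes("'unsafe-inline'") && !nonceOrHash) findings.push("'unsafe-inline' allows injected inline scripts");
  if (lower.some((s) => s === "*" || /^https?:$/.test(s))) findings.push("wildcard or scheme-only source allows any host");
  return findings;
}
```

Both sample policies send a header, but only the second limits scripts to the page's own origin and one named host; the first still accepts a script from any HTTPS host.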