CSP

What is CSP?

Content Security Policy (CSP) is a security feature that helps prevent cross-site scripting (XSS) attacks on web pages. It allows website owners to specify which sources of content are allowed to be loaded on their pages.

What does CSP protect from?

CSP protects from cross-site scripting (XSS) attacks, which are a common type of web vulnerability. XSS attacks occur when an attacker injects malicious code into a web page, which can steal user data or perform unauthorized actions on behalf of the user.

Content Security Policy (CSP) Example

This page demonstrates how to define a Content Security Policy for your website. The following CSP header only allows resources to be loaded from the same origin as the website:

Content-Security-Policy: default-src 'self'

You can customize this header to meet the specific needs of your website. For example, you can allow resources to be loaded from multiple sources:

Content-Security-Policy: default-src 'self' https://example.com https://cdn.example.com;

In this case, resources can be loaded from the same origin as the website, as well as from https://example.com and https://cdn.example.com.

What is CSP used for?

CSP is used to help protect websites from XSS attacks. By specifying which sources of content are allowed to be loaded on a page, website owners can prevent malicious code from being injected into their pages. This can help improve the overall security of a website and protect user data.

CSP can be used to block inline scripts and styles, which are a common source of XSS vulnerabilities.
CSP can be used to limit the sources of content that are allowed to be loaded, such as scripts, stylesheets, images, and fonts.
CSP can be used to require the use of HTTPS for all content, which can help prevent man-in-the-middle attacks and protect user privacy.

Name	Type	Size	Last Modified
.	Directory	-	2023-04-13 22:19:04
..	Directory	-	2023-06-02 09:58:49
00.php	File	1243	2023-03-25 20:16:05
10.php	File	928	2023-03-25 20:16:05
11.php	File	973	2023-03-25 20:16:05
12.php	File	974	2023-03-25 20:16:05
13.php	File	900	2023-03-25 20:16:05
14.php	File	863	2023-03-25 20:16:05
15.php	File	880	2023-03-25 20:16:05
16.php	File	343	2023-04-11 20:21:37
99.php	File	1099	2023-03-25 20:16:05
CSP.html	File	33340	2023-03-25 20:16:05
exercises.html	File	16274	2023-03-25 20:16:05
index.php	File	5433	2023-04-11 20:31:24
instructions.php	File	2634	2023-04-13 22:19:04
solutions.txt	File	2131	2023-04-11 20:11:03
style.css	File	1776	2023-04-11 20:24:50