Promptles
Security

Content Security Policy (CSP)

intermediate

Definition

A whitelist that a website hands to the browser, saying 'only run code, fonts, and images from these places I trust: refuse anything else.' If an attacker manages to slip a sneaky script onto the page, the browser blocks it because it didn't come from an approved source.

In the wild

A bank's website tells the browser, 'only load scripts from my own domain.' Later, a security flaw lets an attacker inject a malicious script. Without a CSP, the browser would have run it. With the policy in place, the browser sees that the script came from somewhere unapproved and quietly refuses to run it.

More from Security