Content-Security-Policy
An HTTP response header that tells the browser which resources (scripts, styles, images, fonts) a page is allowed to load, and from where. CSP is the strongest defense against XSS because it can block inline scripts and restrict script sources to trusted origins, so an injected script has nowhere to run. It requires careful configuration: an overly loose policy (for example one that allows 'unsafe-inline' or wildcard script sources) gives little protection, while an overly strict one breaks legitimate functionality.