CSP (Content Security Policy)

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware.

Content Security Policy topics

Introducing Content Security Policy
An overview of what CSP is and how it can make your site more secure.
CSP policy directives
A reference to the CSP policy directives.
Using Content Security Policy
You can adjust the behavior of CSP by configuring policy sets. This lets you loosen and tighten security for individual types of resources, based on your site's needs. This article describes how to set up CSP, as well as how to enable it for your site.
Content Security Policy recommendation bookmarklet
A bookmarklet that analyzes the content of the current page and recommends a CSP configuration.
Using CSP violation reports
How to use Content Security Policy violation reports to monitor attempts to attack your site and its users.
Default CSP restrictions Obsolete since Gecko 15.0
Details about the default restrictions enforced by CSP.

See also