RepairYour.Tech
security en

Content Security Policy

security

Also called: CSP

Plain-language definition

Plain-language definition

Browser rules that restrict where a page may load and run content.

Why it matters

A strict CSP reduces the impact of content injection and blocks unexpected third-party execution.

Technical detail

Content Security Policy is an HTTP response policy that limits script, style, frame, connection, and other resource sources and can use nonces or hashes.

Examples

  • A nonce allows the intended inline bootstrap script while other inline scripts remain blocked.

Sources and review

Reviewed July 12, 2026 by [email protected]. Next review due January 11, 2027.

  1. Content Security Policy Level 3 — World Wide Web Consortium Accessed 7/11/2026

See something we should improve?

Suggest a correction to “Content Security Policy.” Suggestions are reviewed before the published definition changes.

Press ? for shortcuts