security en
Content Security Policy
security
Also called: CSP
Plain-language definition
Plain-language definition
Browser rules that restrict where a page may load and run content.
Why it matters
A strict CSP reduces the impact of content injection and blocks unexpected third-party execution.
Technical detail
Content Security Policy is an HTTP response policy that limits script, style, frame, connection, and other resource sources and can use nonces or hashes.
Examples
- A nonce allows the intended inline bootstrap script while other inline scripts remain blocked.
Related terms
Sources and review
Reviewed July 12, 2026 by [email protected]. Next review due January 11, 2027.
- Content Security Policy Level 3 — World Wide Web Consortium Accessed 7/11/2026
See something we should improve?
Suggest a correction to “Content Security Policy.” Suggestions are reviewed before the published definition changes.