CSP
Content Security Policy
An HTTP header that helps prevent XSS attacks by specifying which resources a page can load.
Technical Detail
CSP is delivered via the Content-Security-Policy HTTP header. Directives control resource sources: script-src (JavaScript), style-src (CSS), img-src (images), connect-src (XHR/fetch). The 'nonce-' source allows specific inline scripts with a cryptographic nonce. 'strict-dynamic' propagates trust to scripts loaded by trusted scripts. Report-only mode (Content-Security-Policy-Report-Only) logs violations without blocking, useful for gradual deployment. CSP is the strongest defense against XSS when configured to block all inline scripts.
Example
```javascript
// CSP: web API example
const response = await fetch('/api/resource');
const data = await response.json();
console.log(data);
```
Related Tools
H
Hash Generator
S
SERP Preview
O
OG Tag Debugger
H
Heading Analyzer
P
Password Generator
K
Keyword Density Analyzer
R
Readability Score
U
Unix Timestamp Converter
X
XML Sitemap Generator
S
Schema.org Generator
C
Cron Expression Generator
L
Link Extractor
C
Canonical Tag Checker
C
Chmod Calculator
R
Robots.txt Analyzer
S
String Escape / Unescape
I
IP Subnet Calculator
S
Structured Data Validator
C
Color Code Converter
W
Word Count & SEO Grade
C
CSV ↔ JSON Converter
M
Meta Length Checker
U
URL Slug Generator
X
XML ↔ JSON Converter
K
Keyword Density Analyzer
S
SQL Formatter
M
Markdown Table Generator
H
HTTP Status Code Reference
M
Meta Tags Generator
R
Robots.txt Generator
.
.gitignore Generator
H
HTML Formatter
C
CSS Unit Converter
J
JSONPath Evaluator
T
Text Diff Checker
D
Data URI Converter
L
Lorem Ipsum Generator
P
Path Converter
.
.htaccess Generator
.
.env Validator
P
Placeholder Image Generator