Content security policies (CSPs) are a relatively new security element on the web horizon. CSPs use browsers to detect and mitigate certain types of attacks like cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context. CSPs can be used for simple purposes like enforcing https on SSL-enabled sites, to more sophisticated uses like authorizing only truly trusted sources and blocking others.

Most sites do not have CSPs installed, but it’s important to be aware of them and how they can be used to add an additional layer of security to your website.

Presentation Slides »