CSP - Content Security Policy

CSP - Content Security Policy it is a feature in browsers which helps detect amd mitigate some attacks: XSS 2023042015372828 XSS and data injection attack. Server must send header "Content Security Policy" or send in meta tag information about policy. 1. Server can permit do script only certain domains or can deny any scripts including inline scripts. 2. Example:

Content-Security-Policy: default-src 'self'; img-src *; media-src example.org example.net; script-src userscripts.example.com

References

1. (Mozilla, 2021), https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP