Content Security Policy
Everything on SkillVeris tagged Content Security Policy — collected across the glossary, study notes, blog, and cheat sheets.
8 resources across 1 library
Interview Questions(8)
HTTP Headers Explained: Key Types and Uses
HTTP headers are key-value metadata sent alongside a request or response that control behavior without touching the body — covering content negotiation (Accept…
What is XSS?
XSS (Cross-Site Scripting) is a vulnerability where an attacker injects malicious JavaScript into a page viewed by other users, letting that script run with th…
What is Content Security Policy (CSP)?
Content Security Policy (CSP) is an HTTP response header that tells the browser which sources of scripts, styles, images, and other resources are allowed to lo…
What Is Clickjacking and How Do You Prevent It?
Clickjacking is an attack where a malicious page overlays or embeds a legitimate site inside a transparent or disguised iframe, tricking a user into clicking o…
What Is Subresource Integrity (SRI)?
Subresource Integrity is a browser security feature where you attach a cryptographic hash of an expected file to a script or stylesheet tag so the browser refu…
What Are HTTP Security Headers and Why Do They Matter?
HTTP security headers are response headers a server sends to instruct the browser to enable or restrict specific behaviors — such as blocking inline scripts, r…
How Do CSP Nonces Prevent Inline Script Injection?
A CSP nonce is a random, single-use token the server generates per response and embeds both in the Content-Security-Policy header and as a nonce attribute on e…
What Is the Trusted Types API and How Does It Prevent DOM XSS?
The Trusted Types API is a browser-enforced mechanism, activated via a CSP directive, that blocks a page’s dangerous DOM sinks — like innerHTML or eval — from…