In this lesson, we'll look at an XSS attack and learn how to protect against it with the Content-Security-Policy header.


The Content-Security-Policy header, often abbreviated to CSP, provides a next-generation utility belt for preventing a wide range of attacks, from XSS (cross-site scripting) to clickjacking. It works by telling the browser which origins it may load scripts, styles, frames and other resources from, and whether inline script is allowed to run at all.

To understand how CSP helps us, we should first think of an attack vector. Let's say we built our own Google Search: a simple text input with a submit button, whose results page echoes the query back to the user.
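The search page described above, as an added example that is not part of the original lesson: `renderVulnerable` reflects the query into the markup unescaped, so a query such as `"><script>alert(document.cookie)</script>` breaks out of the input's `value` attribute and lands in the page as live markup (reflected XSS). `renderHardened` escapes the query on output and also sends a Content-Security-Policy that forbids inline script, so even if some other code path forgets to escape, the injected script does not execute. The route names, the port and the `--serve` flag are assumptions for the demo.

```javascript
// Added example (not the lesson's own code): a minimal "our own search" page
// rendered two ways, vulnerable and hardened. Route names, port and the
// --serve flag are assumptions for this demo.

// Escape the characters that can break out of HTML text or an attribute.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// One template for both variants; only the escaping and the headers differ.
function searchPage(q) {
  return [
    "<!doctype html><html><head><title>Our Search</title></head><body>",
    `<form action="/search"><input name="q" value="${q}"><button>Search</button></form>`,
    `<p>Results for: ${q}</p>`,
    "</body></html>",
  ].join("\n");
}

// Vulnerable: the raw query is interpolated straight into the markup,
// so a query of  "><script>...</script>  becomes a real <script> element.
function renderVulnerable(query) {
  return {
    status: 200,
    headers: { "Content-Type": "text/html; charset=utf-8" },
    body: searchPage(query),
  };
}

// A strict policy: only same-origin scripts, no inline <script> (no
// 'unsafe-inline', no nonce or hash), no plugins, and no <base> tag tricks.
const CSP = [
  "default-src 'self'",
  "script-src 'self'",
  "object-src 'none'",
  "base-uri 'none'",
].join("; ");

// Hardened: escape on output (this is what actually fixes the injection) and
// send the CSP (defense in depth if an escape is missed elsewhere).
function renderHardened(query) {
  return {
    status: 200,
    headers: {
      "Content-Type": "text/html; charset=utf-8",
      "Content-Security-Policy": CSP,
    },
    body: searchPage(escapeHtml(query)),
  };
}

// Conservative check: the directive governing scripts (script-src, falling
// back to default-src) must exist and must not re-enable 'unsafe-inline'.
function cspBlocksInlineScript(policy) {
  const directives = policy.split(";").map((d) => d.trim());
  const effective =
    directives.find((d) => d.startsWith("script-src")) ||
    directives.find((d) => d.startsWith("default-src"));
  if (!effective) return false;
  return !effective.includes("'unsafe-inline'");
}

// Stand-alone demo server (CommonJS, `node csp-demo.js --serve`):
// /search?q=... is the vulnerable page, /safe?q=... is the hardened one.
if (typeof require !== "undefined" && process.argv.includes("--serve")) {
  const http = require("http");
  http
    .createServer((req, res) => {
      const url = new URL(req.url, "http://localhost");
      const q = url.searchParams.get("q") || "";
      const page = url.pathname === "/safe" ? renderHardened(q) : renderVulnerable(q);
      res.writeHead(page.status, page.headers);
      res.end(page.body);
    })
    .listen(8080, () => {
      console.log("vulnerable: http://localhost:8080/search?q=test");
      console.log("hardened:   http://localhost:8080/safe?q=test");
    });
}
```

Run it with `node csp-demo.js --serve`, open both URLs with the payload above as `q`, and compare: the vulnerable page pops the alert, the hardened page shows the payload as text, and the browser console on `/safe` reports any inline script it refused under the policy. Note the order of defenses: output escaping is the fix, CSP limits the blast radius when the fix is missing.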
