Content-Security-Policy
In this lesson, we'll look at an XSS attack and learn how to protect against such attacks with the Content-Security-Policy header.
Introduction
The Content-Security-Policy header, often abbreviated to CSP, provides a next-generation utility belt for preventing a plethora of attacks, ranging from XSS (cross-site scripting) to clickjacking.
To understand how CSP helps us, we should first think of an attack vector. Let’s say we built our own Google Search: a simple text input with a submit button.
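The search page described above, modelled as a pure function so the vulnerable and hardened responses can be compared side by side. This is an added example, not the lesson's own code; the function names, the /search route, the sample query, and the specific policy string are assumptions made for illustration.

```javascript
// Added example; all names here are illustrative, not from the lesson.

// Constructed sample input: markup submitted where a search term is expected.
const SAMPLE_QUERY = '<script>alert(1)</script>';

// Encode the characters that are significant in HTML text and attributes.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Scripts only from our own origin (inline script is refused because
// 'unsafe-inline' is absent); frame-ancestors covers clickjacking.
const CSP = ["default-src 'self'", "script-src 'self'", "frame-ancestors 'none'"].join('; ');

// Build the response for GET /search?q=<query>.
//   encode: HTML-encode the reflected query (the actual fix for the bug)
//   csp:    send the policy header (second layer if encoding is ever missed)
function searchResponse(query, { encode = false, csp = false } = {}) {
  const headers = { 'Content-Type': 'text/html; charset=utf-8' };
  if (csp) headers['Content-Security-Policy'] = CSP;
  const shown = encode ? escapeHtml(query) : String(query);
  const body = [
    '<!doctype html>',
    '<form action="/search"><input name="q"><button>Search</button></form>',
    `<p>Results for: ${shown}</p>`,
  ].join('\n');
  return { headers, body };
}

// Vulnerable: the markup is reflected verbatim and no policy is sent.
const vulnerable = searchResponse(SAMPLE_QUERY);
// Hardened: the query is rendered as text, and the policy is sent as well.
const hardened = searchResponse(SAMPLE_QUERY, { encode: true, csp: true });

console.log('vulnerable reflects markup:', vulnerable.body.includes(SAMPLE_QUERY));
console.log('hardened reflects markup:  ', hardened.body.includes(SAMPLE_QUERY));
console.log('policy sent:', hardened.headers['Content-Security-Policy']);
```

Calling searchResponse with only csp: true leaves the markup in the body but tells a policy-enforcing browser not to execute it, which is why CSP is treated as a second layer rather than a replacement for output encoding.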