Content Security Policy (CSP) is a powerful defense against XSS and injection attacks.
Basic CSP Header
Common Directives
default-src - Fallback for other directives
script-src - JavaScript sources
style-src - CSS sources
img-src - Image sources
font-src - Font sources
connect-src - XHR, WebSocket, fetch sources
frame-src - iframe sources
object-src - Plugins (Flash, etc.)
base-uri - <base> tag restrictions
form-action - Form submission targets
frame-ancestors - Who can embed this page
Practical CSP Examples
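As an added example (not code from the original page), here is a small Node.js helper that serializes the directives listed above into a header value and picks the enforcing or Report-Only header name. The hosts cdn.example and api.example are placeholders, and the policy shown is one reasonable locked-down starting point, not a universal template.

```javascript
// Added example, not from the original page: build a Content-Security-Policy
// header from a directive map using only the Node.js standard library.

// Directive names follow the list above; the hosts are constructed placeholders.
const STRICT_POLICY = {
  'default-src': ["'self'"],
  'script-src': ["'self'", 'https://cdn.example'],
  'style-src': ["'self'"],
  'img-src': ["'self'", 'data:'],
  'font-src': ["'self'"],
  'connect-src': ["'self'", 'https://api.example'],
  'frame-src': ["'none'"],
  'object-src': ["'none'"],
  'base-uri': ["'self'"],
  'form-action': ["'self'"],
  'frame-ancestors': ["'none'"],
};

// Serialize to "name v1 v2; name2 v3". Each source is checked first: a ';' or
// ',' (or whitespace) inside a source taken from configuration would splice
// extra directives into the header, so such values are rejected outright.
function buildCsp(directives) {
  return Object.entries(directives)
    .map(([name, values]) => {
      for (const v of values) {
        if (/[;,\s]/.test(v)) throw new Error(`invalid source "${v}" in ${name}`);
      }
      return `${name} ${values.join(' ')}`;
    })
    .join('; ');
}

// Header name depends on rollout stage: Report-Only while collecting
// violations, then the enforcing header once the reports are clean.
function cspHeader(directives, { reportOnly = false } = {}) {
  const name = reportOnly
    ? 'Content-Security-Policy-Report-Only'
    : 'Content-Security-Policy';
  return { name, value: buildCsp(directives) };
}

// Usage in any Node HTTP framework: const { name, value } = cspHeader(STRICT_POLICY);
// res.setHeader(name, value);
module.exports = { STRICT_POLICY, buildCsp, cspHeader };
```

The `reportOnly` switch is the only difference between the two rollout stages, so the same directive map can be tested in Report-Only mode and later enforced without rewriting the policy.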
Nonce-Based CSP
Hash-Based CSP
Next.js CSP
CSP Reporting
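Browsers deliver violation reports in two shapes: the legacy `report-uri` POST (`Content-Type: application/csp-report`, one report under a `csp-report` key) and the Reporting API `report-to` batch (a JSON array of reports with `type: "csp-violation"`). The added example below (not code from the original page) normalizes both into one shape and aggregates counts by directive and blocked origin, which is the view a defender needs to decide what to fix before enforcing. The sample report bodies and the hosts app.example and third-party.example are constructed.

```javascript
// Added example, not from the original page: parse and aggregate CSP reports.

// Constructed sample: legacy report-uri body (application/csp-report).
const LEGACY_REPORT = JSON.stringify({
  'csp-report': {
    'document-uri': 'https://app.example/checkout',
    'violated-directive': 'script-src-elem',
    'effective-directive': 'script-src-elem',
    'original-policy': "default-src 'self'; script-src 'self'",
    'blocked-uri': 'https://third-party.example/widget.js',
    disposition: 'enforce',
  },
});

// Constructed sample: Reporting API body; one POST may carry several reports
// of different types, so non-CSP entries must be skipped.
const REPORTING_API_BODY = JSON.stringify([
  {
    type: 'csp-violation', age: 12, url: 'https://app.example/checkout',
    body: {
      documentURL: 'https://app.example/checkout', effectiveDirective: 'script-src-elem',
      blockedURL: 'https://third-party.example/widget.js', disposition: 'enforce',
      originalPolicy: "default-src 'self'; script-src 'self'",
    },
  },
  {
    type: 'csp-violation', age: 40, url: 'https://app.example/',
    body: {
      documentURL: 'https://app.example/', effectiveDirective: 'style-src-attr',
      blockedURL: 'inline', disposition: 'report', originalPolicy: "default-src 'self'",
    },
  },
  { type: 'deprecation', age: 5, url: 'https://app.example/', body: {} },
]);

// Normalize either format to { page, directive, blocked, disposition }.
// Malformed or unrelated input yields [] rather than throwing on the endpoint.
function parseReports(rawBody) {
  let data;
  try { data = JSON.parse(rawBody); } catch { return []; }
  if (data && typeof data === 'object' && data['csp-report']) {
    const r = data['csp-report'];
    return [{
      page: r['document-uri'],
      directive: r['effective-directive'] || r['violated-directive'],
      blocked: r['blocked-uri'],
      disposition: r.disposition || 'enforce',
    }];
  }
  if (Array.isArray(data)) {
    return data
      .filter((r) => r && r.type === 'csp-violation' && r.body)
      .map((r) => ({
        page: r.body.documentURL,
        directive: r.body.effectiveDirective,
        blocked: r.body.blockedURL,
        disposition: r.body.disposition,
      }));
  }
  return [];
}

// Group blocked URLs by origin so one noisy host is one line, not one per file.
// Keyword values such as 'inline', 'eval' or 'data' are not URLs and stay as-is.
function blockedOrigin(blocked) {
  try { return new URL(blocked).origin; } catch { return blocked; }
}

// Count violations per (directive, origin). The largest counts are the
// allowlist gaps or unexpected sources to investigate before enforcing.
function aggregate(reports) {
  const counts = new Map();
  for (const r of reports) {
    const key = `${r.directive} <- ${blockedOrigin(r.blocked)}`;
    counts.set(key, (counts.get(key) || 0) + 1);
  }
  return counts;
}

module.exports = { LEGACY_REPORT, REPORTING_API_BODY, parseReports, blockedOrigin, aggregate };
```

Expect noise from browser extensions and from pages that a user's own tooling modifies; grouping by origin makes that noise easy to recognize and filter from the counts that should drive policy changes.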
Deployment Strategy
Common Issues
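This added example (not code from the original page) serves the Deployment Strategy and Common Issues sections together: it parses a policy string and flags the settings that most often undermine CSP, so a policy can be checked while it is still in Report-Only mode and before it is flipped to enforcement. The checks are this example's own list, not a standard; the `WEAK` and `HARDENED` policies and the `{nonce}` placeholder are constructed.

```javascript
// Added example, not from the original page: lint a CSP header value.

// Parse "name v1 v2; name2 v3" into Map<directive, sources[]>. Per the spec a
// directive repeated later in the same policy is ignored, so first one wins.
function parseCsp(value) {
  const directives = new Map();
  for (const part of value.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [rawName, ...sources] = tokens;
    const name = rawName.toLowerCase();
    if (!directives.has(name)) directives.set(name, sources);
  }
  return directives;
}

// Return a list of findings for patterns that let injected script run or let
// the policy be bypassed. An empty list means none of these checks fired.
function lintCsp(value) {
  const d = parseCsp(value);
  const findings = [];
  // script-src falls back to default-src when absent.
  const scriptSrc = d.get('script-src') || d.get('default-src') || [];
  const hasNonceOrHash = scriptSrc.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));

  if (scriptSrc.length === 0) {
    findings.push('no script-src or default-src: script loading is unrestricted');
  }
  // With a nonce or hash present, CSP2+ browsers ignore 'unsafe-inline', so it
  // is only a problem when it is the sole thing allowing inline script.
  if (scriptSrc.includes("'unsafe-inline'") && !hasNonceOrHash) {
    findings.push("'unsafe-inline' in script-src without nonce/hash: injected inline script runs");
  }
  if (scriptSrc.includes("'unsafe-eval'")) {
    findings.push("'unsafe-eval' in script-src: eval/Function on injected strings runs");
  }
  if (scriptSrc.some((s) => s === '*' || s === 'https:' || s === 'http:')) {
    findings.push('wildcard scheme or host in script-src: any origin may serve script');
  }
  if (scriptSrc.includes('data:')) {
    findings.push('data: in script-src: inline script can be smuggled in a data: URL');
  }
  // object-src falls back to default-src; base-uri and frame-ancestors do not.
  if (!d.has('object-src') && !d.has('default-src')) {
    findings.push("no object-src: plugin content unrestricted; add object-src 'none'");
  }
  if (!d.has('base-uri')) {
    findings.push('no base-uri: an injected <base> tag can redirect relative script URLs');
  }
  if (!d.has('frame-ancestors')) {
    findings.push('no frame-ancestors: the page can be framed by other sites');
  }
  return findings;
}

// A weak policy of the kind often seen in the wild, beside a hardened form.
// Both are constructed; {nonce} stands for the per-response value.
const WEAK = "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:";
const HARDENED =
  "default-src 'self'; script-src 'self' 'nonce-{nonce}'; " +
  "object-src 'none'; base-uri 'self'; frame-ancestors 'none'";

module.exports = { parseCsp, lintCsp, WEAK, HARDENED };
```

Run the linter over the Report-Only policy while violation reports are being collected; once both the lint findings and the report counts are clean, the same value can move to the enforcing header.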
CSP significantly reduces XSS risk when implemented properly.