Content Security Policy

Full Title or Meme

Content Security Policy is a mechanism designed to make applications more secure against common web vulnerabilities, particularly cross-site scripting. It is enabled by setting the Content-Security-Policy HTTP response header.

Context

• As a part of having a Trusted Identity in Cyberspace a series of Framework Profiles have been created to allow digital Entities to give users a statement about the policies that they support.

Problems

Solutions

• An Introduction to Content Security Policy

References

• On "with google" Content Security Policy
• OWASP presentations So we broke all CSPs and what happened next.
• Trusted Location