# Content Security Policy (CSP)

Status: public · Confidence: medium (0.865) · Basis: verified_sources

## TL;DR

Content Security Policy is a browser security mechanism for restricting which resources a page may load or execute. This article covers CSP's purpose, delivery, and directive semantics, drawing on MDN, W3C, and OWASP sources.

## Core Explanation

CSP is best described as defense-in-depth for web applications. A policy can be sent with the `Content-Security-Policy` response header. Within the policy, directives such as `default-src` and `script-src` constrain the sources from which resources may be loaded. OWASP frames CSP as a mitigation that complements secure coding rather than replacing it.
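
The following is an added example, not code from MDN, W3C, or OWASP: it parses a `Content-Security-Policy` header value, resolves which source list governs scripts (`script-src`, falling back to `default-src`), and reports a small subset of source expressions that weaken that restriction. It goes beyond the paragraph above by handling duplicate directives, nonces, hashes and `'strict-dynamic'`; the function names, the sample policies and `cdn.example` are assumptions made for illustration.

```javascript
// Added example. Policies in SAMPLES are constructed; cdn.example is a placeholder.

// Parse a serialized policy into Map(directive name -> array of source expressions).
function parseCsp(headerValue) {
  const directives = new Map();
  for (const token of headerValue.split(';')) {
    const parts = token.trim().split(/\s+/).filter(Boolean);
    if (parts.length === 0) continue;       // empty token, e.g. after a trailing ';'
    const name = parts[0].toLowerCase();    // directive names are case-insensitive
    if (directives.has(name)) continue;     // duplicate directive: the first one wins
    directives.set(name, parts.slice(1));
  }
  return directives;
}

// script-src governs scripts; default-src is the fallback when it is absent.
// Returns null when the policy has neither, i.e. it places no limit on scripts.
function effectiveScriptSources(directives) {
  for (const name of ['script-src', 'default-src']) {
    if (directives.has(name)) return directives.get(name);
  }
  return null;
}

// Report source expressions that weaken the script restriction (illustrative subset).
function auditScriptPolicy(headerValue) {
  const sources = effectiveScriptSources(parseCsp(headerValue));
  if (sources === null) return ['no script-src or default-src: scripts are unrestricted'];
  const lower = sources.map((s) => s.toLowerCase());
  const hasNonceOrHash = lower.some((s) => /^'(nonce|sha256|sha384|sha512)-/.test(s));
  const strictDynamic = lower.includes("'strict-dynamic'");
  const findings = [];
  // Browsers ignore 'unsafe-inline' once a nonce, hash or 'strict-dynamic' is present.
  if (lower.includes("'unsafe-inline'") && !hasNonceOrHash && !strictDynamic) {
    findings.push("'unsafe-inline' permits inline scripts");
  }
  if (lower.includes("'unsafe-eval'")) findings.push("'unsafe-eval' permits eval()-style execution");
  // 'strict-dynamic' makes browsers ignore host and scheme sources, so skip them then.
  const broad = lower.filter((s) => ['*', 'data:', 'http:', 'https:'].includes(s));
  if (broad.length > 0 && !strictDynamic) findings.push(`broad sources: ${broad.join(' ')}`);
  return findings;
}

const SAMPLES = [
  "default-src 'self' 'unsafe-inline'; img-src *",
  "default-src 'none'; script-src 'self' https://cdn.example; Script-Src *",
];
for (const policy of SAMPLES) console.log(policy, '=>', auditScriptPolicy(policy));
```

The first sample is flagged because scripts inherit `'unsafe-inline'` from `default-src`; the second is clean because the later, duplicate `Script-Src *` is ignored.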

## Further Reading

- [Content Security Policy (CSP) - HTTP | MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP)
- [Content Security Policy Level 3](https://www.w3.org/TR/CSP3/)
- [Content Security Policy Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html)
