Skip to main content

Reports
HTML Guide
Accessibility Guide
Courses

Check your sites

HTML checks.
A11Y checks.
Schedules.
Muting.
Device emulation.
Fully automated.

Sign up now

HTML Guide for XSS

Content-Security-Policy HTTP header: Bad content security policy

content security policy
headers
CSP
XSS

The HTTP Content-Security-Policy response header allows web site administrators to control resources the user agent is allowed to load for a given page. With a few exceptions, policies mostly involve specifying server origins and script endpoints. This helps guard against cross-site scripting attacks.