Content Security Policy (CSP) is an HTTP response header that allows you, the developer or security engineer, to define which sources a web application can load content from.
By defining a strict policy, you can completely* mitigate attacks such as cross-site scripting.
If you already love CSP, this site can help you get up and running with it quickly.
How To Use This Site
Now that you understand how to use the site, try the examples.
CSP Violations and CSP Compliance
Ready to test out your own policy?
CSP Validator
References, tools, and case studies.