What is Content Security Policy (CSP)?
A security header that tells browsers which sources of content are trusted for your website.
Why It Matters
CSP is one of the strongest defences against XSS attacks by preventing browsers from loading untrusted scripts.
Real-World Example
A CSP header that allows scripts only from your own domain and one trusted analytics provider, so the browser refuses to run scripts injected from any other source.
“Understanding terms like Content Security Policy (CSP) matters because it helps you have better conversations with developers and make smarter decisions about your software. You do not need to be technical. You just need to know enough to ask the right questions.”
Related Terms
XSS (Cross-Site Scripting)
A security vulnerability where attackers inject malicious scripts into web pages viewed by other users.
HTTPS
The secure version of HTTP that encrypts all data sent between a browser and a website.
CORS (Cross-Origin Resource Sharing)
A security mechanism that controls which websites can make requests to your server.
Learn More at buildDay Melbourne
Want to understand these concepts hands-on? Join our one-day workshop and build a real web application from scratch.
Related Terms
Authentication
The process of verifying who someone is, usually through a username and password.
Authorisation
Determining what actions or data a verified user is allowed to access.
OAuth
A standard that lets you log into apps using your existing accounts from Google, Facebook, or other providers.