CSP (Content Security Policy)
Embed This Widget
Add the script tag and a data attribute to embed this widget.
Embed via iframe for maximum compatibility.
<iframe src="https://statuscodefyi.com/iframe/glossary/csp/" width="420" height="400" frameborder="0" style="border:0;border-radius:10px;max-width:100%" loading="lazy"></iframe>Paste this URL in WordPress, Medium, or any oEmbed-compatible platform.
https://statuscodefyi.com/glossary/csp/Add a dynamic SVG badge to your README or docs.
[](https://statuscodefyi.com/glossary/csp/)Use the native HTML custom element.
An HTTP security header that controls which resources a browser is allowed to load for a given page. CSP mitigates XSS and data injection attacks by specifying allowed sources for scripts, styles, images, fonts, and other resources. Directives like script-src, style-src, and default-src define the policy. Violations can be reported to a URI specified by report-uri or report-to directives.