Content Security Policy

Also known as: CSP

An HTTP response header that allows web developers to restrict which sources of content (scripts, styles, images, frames, etc.) a browser will load for a given page, mitigating cross-site scripting and data injection attacks. CSP interacts with browser extensions because strict policies can block extension content scripts from modifying the page, which affects both security and accessibility overlays that rely on DOM injection.

Category: web-technology · security

Related: Content Script · Browser Extension

Sources

https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
https://www.w3.org/TR/CSP3/