Content Security Policy (CSP) is a security response header that helps detect and mitigate several classes of attack, including cross-site scripting (XSS), clickjacking and data injection. These attacks are used for everything from data theft and site defacement to the distribution of malware.
CSP is fully backward compatible: browsers that do not support it simply ignore the header and behave as they always have, falling back to the standard same-origin policy for web content, and a server that does not send the header still works with CSP-aware browsers. Nothing breaks on either side; a browser that understands CSP just gets an extra layer of restrictions.
By sending the appropriate CSP directives in HTTP response headers, you can selectively specify which sources of content (scripts, styles, images, frames, XHR/fetch targets and so on) the browser is permitted to load for your web application. CSP is a defence-in-depth control, not a substitute for output encoding and input validation: it limits what an injected script can do, it does not stop the injection itself.
We offer various open communication tools on our website, such as blog comments, blog posts, public chat, forums, message boards, newsgroups, product ratings and reviews, various social media services, etc. You understand that we generally do not pre-screen or monitor the content posted by users of these communication tools, which means that if you decide to use them to submit any type of content to our website, it is your personal responsibility to use them in a responsible and ethical manner. By posting information or otherwise using any of the open communication tools mentioned, you agree that you will not upload, post, share, or otherwise distribute any content that: