What is Content Security Policy (CSP)?

Updated May 6, 2026

Short answer

CSP restricts sources of executable content in a web page.

Deep explanation

CSP helps mitigate XSS by defining the sources from which scripts, styles, and media may be loaded.

Real-world example

Blocking malicious inline scripts.

Common mistakes

  • Using unsafe-inline excessively.
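
An added example, not part of the original page: a small JavaScript check that reads a Content-Security-Policy header value and reports whether it lets every inline script run, which is what unsafe-inline decides. The function names are hypothetical and the policy strings are constructed samples.

```javascript
// Added example (not from the original page): does this CSP value let every
// inline <script> run? Function names are hypothetical; policies are constructed.

// Parse "name src src; name src" into Map(name -> [sources]).
function parseCsp(headerValue) {
  const directives = new Map();
  for (const part of headerValue.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase(); // directive names are case-insensitive
    // A repeated directive is ignored; the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

function inlineScriptVerdict(headerValue) {
  const policy = parseCsp(headerValue);
  // script-src governs scripts; default-src is the fallback when it is absent.
  const governing = ["script-src", "default-src"].find((d) => policy.has(d));
  if (!governing) {
    return { allowsAllInline: true, reason: "no script-src or default-src" };
  }
  const sources = policy.get(governing).map((s) => s.toLowerCase());
  const unsafeInline = sources.includes("'unsafe-inline'");
  // A nonce, hash or 'strict-dynamic' makes browsers ignore 'unsafe-inline'.
  const overridden = sources.some((s) =>
    /^'(nonce-|sha(256|384|512)-|strict-dynamic')/.test(s));
  if (unsafeInline && !overridden) {
    return { allowsAllInline: true, reason: `'unsafe-inline' in ${governing}` };
  }
  return { allowsAllInline: false, reason: `${governing} restricts inline scripts` };
}

// Constructed sample policies, from permissive to strict.
const samples = [
  "img-src *",
  "default-src 'self'; script-src 'self' 'unsafe-inline'",
  "script-src 'nonce-r4nd0m' 'unsafe-inline'",
  "default-src 'self'",
];
for (const p of samples) {
  const v = inlineScriptVerdict(p);
  console.log(`${v.allowsAllInline ? "WEAK " : "OK   "} ${p}  (${v.reason})`);
}
```

A policy that sets only directives such as img-src leaves scripts unrestricted, so the check treats it the same as one that allows unsafe-inline.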

Follow-up questions

  • Can CSP block all XSS?
  • What is report-only mode?
