Content Security Policy (CSP) on Hosted Sites
Reduce XSS and injection with CSP headers; report-only and tuning.
CSP headers restrict which sources may load script, style, and other resources. Start in report-only mode to collect violations without blocking anything, then switch to enforcement. Tune the directives to allow legitimate CDNs and the inline scripts you actually ship. Use a per-request nonce or a content hash to permit specific inline scripts rather than allowing all inline code.