Content Security Policy (CSP) is one of the primary web security standards. The header was introduced to prevent attacks such as cross-site scripting (XSS), clickjacking and other code injection attacks, which typically result in malicious content executing in the context of a trusted web page. An application that does not implement Content Security Policy forgoes this extra layer of security and remains exposed to cross-site scripting and related attacks. CSP can be used to restrict script loading to a single domain. The following keywords are used when setting CSP directives:
Example
The code below is an example of a Content Security Policy.
When CSP is missing, an attacker can:
Beagle recommends enabling CSP on your website by sending the Content-Security-Policy header in HTTP responses. The header instructs the browser to enforce the policy you specify.
If the website refers to other URLs, these URLs can be whitelisted as follows.
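As an added example (not code from the original page or from Beagle), the script below parses a Content-Security-Policy header value, flags weak settings such as wildcard sources and 'unsafe-inline', and contrasts a constructed weak policy with a hardened one that restricts scripts to the site's own origin plus one allowlisted CDN host (https://cdn.example.com is an assumed placeholder).

```python
"""Parse a Content-Security-Policy header value and flag weak settings."""

# Constructed sample policies (assumed values, not from the original page).
WEAK_CSP = "default-src *; script-src 'self' 'unsafe-inline' https:"
HARDENED_CSP = ("default-src 'self'; script-src 'self' https://cdn.example.com; "
                "object-src 'none'; frame-ancestors 'none'; base-uri 'self'")

# Source expressions that let scripts load from essentially anywhere.
BROAD_SOURCES = ("*", "http:", "https:", "data:")


def parse_csp(header):
    """Split a CSP header into {directive_name: [source expressions]}."""
    policy = {}
    for directive in header.split(";"):
        parts = directive.split()
        if not parts:
            continue
        name, sources = parts[0].lower(), parts[1:]
        # The browser honours only the first occurrence of a directive.
        policy.setdefault(name, sources)
    return policy


def audit_csp(header):
    """Return a list of findings describing weak settings in the policy."""
    policy = parse_csp(header)
    findings = []
    if "default-src" not in policy:
        findings.append("missing default-src: unlisted fetch directives are unrestricted")
    # script-src falls back to default-src when absent.
    scripts = policy.get("script-src", policy.get("default-src", []))
    for src in scripts:
        lowered = src.lower()
        if lowered in BROAD_SOURCES:
            findings.append(f"script-src allows broad source '{src}'")
        elif lowered in ("'unsafe-inline'", "'unsafe-eval'"):
            findings.append(f"script-src allows {src}, which defeats XSS protection")
    if "frame-ancestors" not in policy:
        findings.append("missing frame-ancestors: clickjacking is not mitigated")
    return findings


if __name__ == "__main__":
    for label, header in (("weak", WEAK_CSP), ("hardened", HARDENED_CSP)):
        print(f"{label}: {audit_csp(header) or 'no findings'}")
```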