Content Security Policy and XSS defense

November 26, 2012 · by · in Security · Leave a comment

W3C introduced a standard to help protect websites against XSS by adding the following meta tag to the website response generated by a server:

Content-Security-Policy: script-src 'self'; object-src 'none'

References:

W3C Standard

Content Security Policy 1.0 is officially awesome

An Introduction to Content Security Policy

Tags: ,

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: