A security method that enables a website to specify which resources are allowed to be executed or downloaded, based on the domain or subdomain names of the site. The content security policy (CSP) is an HTTP response header that was standardized in 2012 to prevent malicious code from being executed. For example, the CSP can specify which domains are valid for executing JavaScript and which protocols, such as HTTPS, are allowed. See HTTPS, HTTP response header and XSS.
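The kind of policy this entry describes, as an added example that is not part of the original entry: a constructed CSP header and a simplified checker that decides whether a resource URL is permitted by it. The policy, the example.* hosts and the function names are assumptions; ports, paths, nonces and hashes in source expressions are not modelled.

```javascript
// Constructed policy: scripts only from the site itself and two named hosts,
// images from any HTTPS origin, everything else from the site itself.
const POLICY = "default-src 'self'; " +
  "script-src 'self' https://cdn.example.com https://*.static.example.net; " +
  "img-src https:";

// Split the header value into a map of directive name -> source list.
function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (!name) continue;
    const key = name.toLowerCase();
    if (!directives.has(key)) directives.set(key, sources); // first occurrence wins
  }
  return directives;
}

// Match one source expression against a resource URL (simplified rules).
function sourceMatches(source, url, page) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return url.origin === page.origin;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s; // scheme source, e.g. https:
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)$/);
  if (!m) return false; // expression kinds this sketch does not support
  const [, scheme, wildcard, host] = m;
  // Assumption: a host source without a scheme is held to the page's own scheme.
  if (url.protocol !== (scheme ? scheme + ":" : page.protocol)) return false;
  // "*.host" covers subdomains only, never the bare host itself.
  return wildcard ? url.hostname.endsWith("." + host) : url.hostname === host;
}

// Decide whether resourceUrl may load under `directive` on the page at pageUrl.
function isAllowed(header, directive, resourceUrl, pageUrl) {
  const directives = parsePolicy(header);
  const sources = directives.get(directive) ?? directives.get("default-src");
  if (!sources) return true; // no applicable directive, so nothing is restricted
  const page = new URL(pageUrl);
  const url = new URL(resourceUrl, page); // resolves relative URLs against the page
  return sources.some((src) => sourceMatches(src, url, page));
}
```

With this policy a script tag pointing at an unlisted domain is refused even if an attacker manages to inject it into the page, which is how CSP limits the impact of XSS.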