Content Security Policy (CSP)
Definition
Content Security Policy is an HTTP security header that restricts which scripts, styles, images, and other resources a page may load.
By Vinespire Editorial Team, Editorial ·
This term is part of the full AI search glossary.
Full definition
CSP mitigates XSS and data-injection attacks by declaring trusted origins (script-src, style-src, img-src, and related directives). Browsers block violations; report-only mode helps tune policies before enforcement.
Overly strict CSP can break third-party tags, embeds, or JSON-LD injection patterns if not planned carefully. SEO markup should be served in ways CSP allows—inline JSON-LD often needs a hash, nonce, or safe policy design.
CSP is a security control, not a ranking factor, but broken pages and missing structured data hurt both users and machine readability. See HSTS and Edge Worker.