Content Security Policy (CSP)

Definition

Content Security Policy is an HTTP security header that restricts which scripts, styles, images, and other resources a page may load.

By Vinespire Editorial Team, Editorial ·

See our sourcing methodology →

TechnicalAI search glossary

This term is part of the full AI search glossary.

Full definition

CSP mitigates XSS and data-injection attacks by declaring trusted origins (script-src, style-src, img-src, and related directives). Browsers block violations; report-only mode helps tune policies before enforcement.

Overly strict CSP can break third-party tags, embeds, or JSON-LD injection patterns if not planned carefully. SEO markup should be served in ways CSP allows—inline JSON-LD often needs a hash, nonce, or safe policy design.

CSP is a security control, not a ranking factor, but broken pages and missing structured data hurt both users and machine readability. See HSTS and Edge Worker.

← All glossary terms