CSP: Definition, Syntax, and Examples

TL;DR:

CSP (Content Security Policy) is an HTTP response header that defends against XSS. It declares an allowlist of permitted sources for scripts, styles, images and fonts, and the browser refuses to load anything outside it. Modern CSP authorizes inline scripts with a per-response nonce instead of 'unsafe-inline'. Example: default-src 'self'; script-src 'self' 'nonce-abc123'; object-src 'none'.
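To make the nonce mechanism concrete, here is an added example (not code from Enterno.io) that generates a fresh nonce per response, emits the policy from the TL;DR, tags the inline script with that nonce, and audits an arbitrary policy string for the weak patterns the summary warns about; all function names are this example's own.

```python
import base64
import secrets


def parse_csp(header: str) -> dict[str, list[str]]:
    """Split a CSP header into {directive: [source-expression, ...]}."""
    policy: dict[str, list[str]] = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def serialize_csp(policy: dict[str, list[str]]) -> str:
    return "; ".join(f"{d} {' '.join(s)}".rstrip() for d, s in policy.items())


def new_nonce() -> str:
    # 128 bits of CSPRNG output, base64-encoded; must be unique per response.
    return base64.b64encode(secrets.token_bytes(16)).decode()


def build_policy(nonce: str) -> str:
    # Same shape as the page's example, with the nonce filled in.
    return serialize_csp({
        "default-src": ["'self'"],
        "script-src": ["'self'", f"'nonce-{nonce}'"],
        "object-src": ["'none'"],
    })


def render_inline_script(nonce: str, body: str) -> str:
    # Only a <script> carrying this exact nonce attribute runs; an injected
    # <script> tag cannot guess it, so 'unsafe-inline' is not needed.
    return f'<script nonce="{nonce}">{body}</script>'


def audit_csp(header: str) -> list[str]:
    """Report the weaknesses a defender checks a policy for."""
    policy = parse_csp(header)
    scripts = policy.get("script-src", policy.get("default-src", []))
    findings = []
    has_nonce = any(s.startswith("'nonce-") for s in scripts)
    if "'unsafe-inline'" in scripts and not has_nonce:
        findings.append("script-src allows 'unsafe-inline' without a nonce")
    if "*" in scripts:
        findings.append("script-src allows any origin ('*')")
    if "object-src" not in policy and "default-src" not in policy:
        findings.append("no object-src or default-src: plugin content unrestricted")
    return findings
```

A browser that supports nonces ignores 'unsafe-inline' once a nonce is present, so the audit only flags 'unsafe-inline' when no nonce backs it.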

Check CSP online

Use the Enterno.io tool — enter a domain, get results in 1-2 seconds. Free, no signup.

Frequently Asked Questions

How does CSP differ from similar concepts?

See the full breakdown in the article above. For a quick check, use our online tool.

Does this need manual updates?

Usually no — most modern services configure it automatically. Manual setup is only needed for migrations or exotic configurations.