
CSP: Definition, Syntax, and Examples

TL;DR:

CSP (Content Security Policy) is an HTTP response header that mitigates XSS. It declares an allowlist of script, style, image and font sources. Modern CSP uses a per-response nonce for inline scripts instead of 'unsafe-inline'. Example: default-src 'self'; script-src 'self' 'nonce-abc123'; object-src 'none'.
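As an added example (not code from this page or from the Enterno.io tool), the Python below generates a fresh nonce per response, emits the header shown above, and audits a policy's effective script-src for the weaknesses the TL;DR warns about; the function names are assumptions.

```python
import secrets
from typing import Dict, List

def new_nonce() -> str:
    """Unpredictable nonce; must be generated fresh for every response."""
    return secrets.token_urlsafe(16)

def build_csp_header(nonce: str) -> str:
    """Serialize the policy from the TL;DR with the given nonce."""
    return f"default-src 'self'; script-src 'self' 'nonce-{nonce}'; object-src 'none'"

def parse_csp(policy: str) -> Dict[str, List[str]]:
    """Parse a serialized CSP into {directive: [source expressions]}."""
    directives: Dict[str, List[str]] = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives

def effective_script_sources(directives: Dict[str, List[str]]) -> List[str]:
    """script-src falls back to default-src when it is not set."""
    return directives.get("script-src", directives.get("default-src", []))

def script_src_findings(policy: str) -> List[str]:
    """Return human-readable findings about weak script sources (empty list = none)."""
    d = parse_csp(policy)
    sources = effective_script_sources(d)
    findings: List[str] = []
    if "script-src" not in d and "default-src" not in d:
        findings.append("no script-src or default-src: scripts may load from any origin")
    has_nonce = any(s.startswith("'nonce-") for s in sources)
    has_hash = any(s.startswith(("'sha256-", "'sha384-", "'sha512-")) for s in sources)
    if "'unsafe-inline'" in sources:
        if has_nonce or has_hash:
            # CSP Level 2+ browsers ignore 'unsafe-inline' once a nonce or hash is present.
            findings.append("'unsafe-inline' is ignored because a nonce/hash is present")
        else:
            findings.append("'unsafe-inline' lets injected inline scripts run")
    if "*" in sources:
        findings.append("wildcard script source allows any origin")
    return findings

if __name__ == "__main__":
    nonce = new_nonce()
    header = build_csp_header(nonce)
    print("Content-Security-Policy:", header)
    print(script_src_findings(header))
```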


What is a CSP


Check CSP online

Use the Enterno.io tool — enter a domain, get results in 1-2 seconds. Free, no signup.


Understanding CSP Directives

Implementing CSP with HTTP Headers

CSP Reporting and Monitoring


Frequently Asked Questions

How does CSP differ from similar concepts?

See the full breakdown in the article above. For a quick check, use our online tool.

Does this need manual updates?

Usually no — most modern services configure it automatically. Manual setup is only needed for migrations or exotic configurations.

Try the live tool that powered this guide

Free plan — 20 monitors, 5-minute checks, no card required. Upgrade for 1-minute interval and multi-region monitoring.