Content Security Policy as a tool for web performance governance

What is Content Security Policy?

Until the advent of Content Security Policy (CSP), it was extremely difficult to protect your website’s visitors from the injection of malicious code that could place unwanted links on your web pages, hijack complete sessions or even cause corruption of your website itself.

What makes matters worse is that in the absence of any reporting mechanism, it is very difficult to know when these types of attack are occurring.

To address these threats, in late 2015, the W3C issued Content Security Policy 1.0 as a first response and followed up with 2.0 in December 2016.

At the core of CSP is a simple concept: using standard headers, a website is able to instruct the browser what it is authorised to execute and what it must block. With these simple instructions, the issues outlined above are severely negated.
Continue reading