Imported from bugzilla.wikimedia.org (original author: seather).
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks and unintentional privacy policy violations. This includes:
- Reducing Cross-Site Scripting (XSS) and data injection attacks.
- Avoiding accidental loading of images, fonts, styles or other resources from third-party domains.
https://developer.mozilla.org/en/Introducing_Content_Security_Policy
https://www.w3.org/TR/CSP/
Enabling CSP is as easy as configuring your web server to return the Content-Security-Policy HTTP header.
Other products jumping on the bandwagon:
- phpMyAdmin: http://www.phpmyadmin.net/documentation/changelog.php ("[core] Include Content Security Policy HTTP headers.")
- MantisBT: http://www.mantisbt.org/blog/?p=119 ("As Firefox 4 has been pushed back to early 2011 we have more time to finish off the implementation of X-Content-Security-Policy within MantisBT.")
- GitHub: http://githubengineering.com/githubs-csp-journey
See also:
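
An added example, not part of the original report or of any project named in it: a small WSGI wrapper showing what returning the header involves, with a Report-Only mode for detecting violations and an enforcing mode for mitigating them. The class name `CSPMiddleware`, the `csp.nonce` environ key and the policy values are assumptions made for illustration.

```python
import secrets

# Constructed baseline: same-origin images, fonts and styles, no plugins.
BASE_POLICY = {
    "default-src": ["'self'"],
    "img-src": ["'self'"],
    "font-src": ["'self'"],
    "style-src": ["'self'"],
    "object-src": ["'none'"],
    "base-uri": ["'self'"],
}

def build_policy(nonce, report_uri=None):
    """Serialize the directives into one header value with a per-response nonce."""
    directives = dict(BASE_POLICY)
    directives["script-src"] = ["'self'", f"'nonce-{nonce}'"]
    if report_uri:
        directives["report-uri"] = [report_uri]
    return "; ".join(f"{name} {' '.join(vals)}" for name, vals in directives.items())

class CSPMiddleware:
    """Hypothetical WSGI wrapper that adds a CSP header to every response."""

    def __init__(self, app, report_only=True, report_uri=None):
        self.app = app
        # Report-Only logs violations without blocking; switch once reports are clean.
        self.header = ("Content-Security-Policy-Report-Only" if report_only
                       else "Content-Security-Policy")
        self.report_uri = report_uri

    def __call__(self, environ, start_response):
        nonce = secrets.token_urlsafe(16)  # fresh, unguessable value per response
        environ["csp.nonce"] = nonce       # templates copy it onto <script nonce=...>

        def start_with_csp(status, headers, exc_info=None):
            # Copy the list so the wrapped application's own headers are not mutated.
            headers = list(headers) + [(self.header, build_policy(nonce, self.report_uri))]
            return start_response(status, headers, exc_info)

        return self.app(environ, start_with_csp)
```

Inline scripts that do not carry the response's nonce are reported or blocked depending on the mode, so templates need updating before the enforcing header is turned on.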