CSP is an incredibly simple yet amazingly powerful security feature that is now widely supported by browsers. Scott looks at some of the headline features of CSP, with demonstrations of attack prevention and some of its lesser-known uses too.
Did you know that besides mitigating XSS attacks, CSP can also stop click-jacking attacks, neutralise mixed-content, kill ad-injectors and even help you migrate from HTTP to HTTPS?