What is CSP (Content Security Policy)?
A browser security mechanism that restricts what resources (scripts, styles, images, fonts) a page can load. Configured via the Content-Security-Policy header. Prevents XSS by blocking inline scripts and restricting sources.
Verify This Answer
Cross-check this information using these trusted sources:
More FAQs in CORS vs CSRF vs CSP: What's the Difference?
CORS allows servers to opt-in to cross-origin requests (enable legitimate API calls). CSRF is an attack where a malicious site tricks a user into making unwanted authenticated requests. CORS enables; CSRF attacks. They are different security concerns.
CORS controls cross-origin API requests (server opt-in via headers). CSP controls what resources a page can load (prevent XSS via Content-Security-Policy header). CORS is about API access; CSP is about content loading.
No. CORS is about allowing cross-origin requests, not preventing them. CSRF prevention requires: SameSite cookies, CSRF tokens, or checking the Origin/Referer header on the server. CORS and CSRF are separate security concerns.
Still have questions?
Browse all our FAQs or reach out to our support team
