Content Security Policy (CSP) is an HTTP response header that tells browsers which sources of content are permitted to load on a page. It mitigates cross-site scripting (XSS), clickjacking, and data injection attacks by restricting executable scripts, stylesheets, images, and other resources. CSP directives include script-src, style-src, img-src, and connect-src, each specifying allowed origins. Violations can be reported to a designated endpoint for monitoring. For URL shortening services, CSP implementation protects redirect landing pages and management dashboards from injection attacks. Services must also consider how their redirect pages interact with destination sites' CSP policies, ensuring that preview pages and interstitial warnings don't trigger CSP violations on the target domain.
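An added example, not taken from this page or from any particular shortening service: Python that builds the CSP header for a short link's interstitial warning page, with a per-response nonce for the one inline script and the untrusted destination escaped before it is rendered. The function names, the page markup and the /csp-report endpoint are assumptions.

```python
import html
import secrets
from urllib.parse import urlsplit

REPORT_URI = "/csp-report"  # hypothetical violation-report endpoint on the service's own origin

def build_csp(nonce: str) -> str:
    """Deny by default; allow same-origin assets and only the script carrying this nonce."""
    directives = {
        "default-src": ["'none'"],
        "script-src": [f"'nonce-{nonce}'"],
        "style-src": ["'self'"],
        "img-src": ["'self'"],
        "connect-src": ["'self'"],
        "frame-ancestors": ["'none'"],  # clickjacking: the page may not be framed
        "base-uri": ["'none'"],
        "form-action": ["'self'"],
        "report-uri": [REPORT_URI],     # where browsers send violation reports
    }
    return "; ".join(f"{name} {' '.join(srcs)}" for name, srcs in directives.items())

def parse_csp(policy: str) -> dict:
    """Split a policy string into {directive: [source, ...]} for auditing."""
    parsed = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            # Browsers honour the first occurrence of a repeated directive.
            parsed.setdefault(tokens[0].lower(), tokens[1:])
    return parsed

def render_interstitial(destination: str):
    """Return (headers, body) for the 'you are leaving' page of a short link."""
    if urlsplit(destination).scheme not in ("http", "https"):
        raise ValueError("only http(s) destinations are rendered")
    nonce = secrets.token_urlsafe(16)            # fresh for every response
    safe = html.escape(destination, quote=True)  # destination is untrusted input
    body = (
        "<!doctype html><title>Leaving this site</title>"
        f'<p>This short link goes to: <a id="dest" rel="noreferrer" href="{safe}">{safe}</a></p>'
        f'<script nonce="{nonce}">document.getElementById("dest").focus();</script>'
    )
    headers = {"Content-Security-Policy": build_csp(nonce),
               "Content-Type": "text/html; charset=utf-8"}
    return headers, body
```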
Content Security Policy
An HTTP header that restricts the origins from which a web page can load resources. A defense layer that mitigates XSS attacks and data injection.
Dec 25, 2025 · About 1 min read
Related Terms
CSP
Content Security Policy - an HTTP header that controls which resources a browser is allowed to load for a given page.
XSS
Cross-Site Scripting - a vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.
Clickjacking
An attack that tricks users into clicking on hidden elements by overlaying transparent frames on top of legitimate web pages.
X-Frame-Options
An HTTP response header that controls whether a browser should allow a page to be displayed in an iframe.
CORS
Cross-Origin Resource Sharing - a browser security mechanism that controls which domains can access resources from another domain.
Lazy Loading
An optimization technique that defers loading of resources until they are actually needed, significantly improving initial page load speed.