Content Security Policy: how CSP works and why it's so hard to deploy
A reference on CSP: the directive and source-list model, nonces, hashes and strict-dynamic, report-only mode, the Google study that showed most real-world policies were bypassable, and why retrofitting a strict policy is so painful.