CSP Security Considerations

1 min read Web Security Fundamentals

CSP Security Considerations

Understanding CSP limitations and bypass techniques:

JSONP endpoints can bypass CSP if whitelisted domains host them
Wildcard usage ('https:') significantly weakens protection
'unsafe-inline' and 'unsafe-eval' should be avoided
Ensure report-uri endpoints are protected against abuse