
Content Security Policy (CSP) in Cybersecurity - Cheat Sheet & Quick Revision

Recall & Review
beginner
What is Content Security Policy (CSP)?
Content Security Policy (CSP) is a security feature that helps prevent attacks like cross-site scripting (XSS) by controlling which resources a web page can load and execute.
beginner
How does CSP improve website security?
CSP restricts the sources of scripts, styles, images, and other content, so only trusted sources are allowed. This reduces the chance of malicious code running on the site.
intermediate
What is a 'directive' in CSP?
A directive is a rule in CSP that specifies what types of content can be loaded and from where. For example, 'script-src' controls which scripts can run.
beginner
What happens if a resource violates the CSP rules?
The browser blocks the resource from loading or running, protecting the user from potential attacks like malicious scripts.
intermediate
Name two common CSP directives and their purpose.
1. script-src: Controls which JavaScript sources are allowed.
2. img-src: Controls which image sources are allowed.
What is the main purpose of Content Security Policy (CSP)?
A. To control which resources a web page can load and execute
B. To speed up website loading times
C. To encrypt user data on websites
D. To manage user passwords securely
Which CSP directive controls which JavaScript files can run on a page?
A. style-src
B. img-src
C. script-src
D. connect-src
If a script tries to load from an untrusted source not allowed by CSP, what happens?
A. The script loads normally
B. The browser blocks the script from running
C. The browser asks the user for permission
D. The script runs but with limited access
Which of these is NOT a benefit of using CSP?
A. Preventing cross-site scripting attacks
B. Reducing the risk of data injection
C. Controlling resource loading sources
D. Automatically fixing website bugs
How is CSP usually delivered to the browser?
A. Via HTTP response headers
B. Through a special HTML tag
C. By JavaScript code on the page
D. Through browser extensions
Explain what Content Security Policy (CSP) is and why it is important for web security.
Think about how websites can block harmful scripts.
Describe how CSP directives work and give examples of at least two directives.
Directives tell the browser what is allowed.