Content Security Policy
CSP
Definition
An HTTP header that tells browsers which sources of scripts, styles, and media are allowed to load on a page.
Why It Matters
A CSP header on 404Fault would stop scripts injected through malicious glossary content (for example, if someone corrupts a term) from executing in users' browsers.
Full Definition
Example Usage
// next.config.js
module.exports = {
  // Send the CSP header with every response
  async headers() {
    return [{
      source: '/(.*)',
      headers: [{ key: 'Content-Security-Policy', value: `script-src 'self'; object-src 'none'; frame-ancestors 'none'` }],
    }];
  },
};
AI Builder Tips
Avoid these mistakes when using Content Security Policy:
Starting with a policy that's too strict and breaks the app — use report-only mode first
Forgetting to include CDN domains in `script-src` — third-party scripts will be blocked
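An added example (not from the original page or from 404Fault's code): a simplified `script-src` matcher that shows which script URLs the policy above would block, plus a helper that picks the report-only header for a first rollout. The origin `https://app.example`, the CDN host `cdn.example.net` and all function names are assumptions; ports, paths, nonces, hashes and `script-src-elem` are not modelled.

```javascript
// Parse a policy string into { directive: [sources] }; the first occurrence of a directive wins.
function parsePolicy(policy) {
  const directives = {};
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = (name || '').toLowerCase();
    if (key && !(key in directives)) directives[key] = sources;
  }
  return directives;
}

// Simplified source-expression match: 'self', *, scheme-sources and host-sources
// (optional scheme, optional leading "*." wildcard). Ports and paths are ignored.
function sourceMatches(source, url, pageOrigin) {
  if (source === "'self'") return url.origin === pageOrigin;
  if (source.startsWith("'")) return false; // 'none', nonces, hashes: no URL match here
  if (source === '*') return url.protocol === 'https:' || url.protocol === 'http:';
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)/i.exec(source);
  if (!m) return false;
  const [, scheme, wildcard, host] = m;
  if (scheme && url.protocol !== scheme.toLowerCase() + ':') return false;
  const have = url.hostname.toLowerCase();
  const want = host.toLowerCase();
  return wildcard ? have.endsWith('.' + want) : have === want;
}

// Return the script URLs that script-src (or the default-src fallback) would block.
function blockedScripts(policy, pageOrigin, scriptUrls) {
  const d = parsePolicy(policy);
  const sources = d['script-src'] || d['default-src'];
  if (!sources) return []; // no applicable directive: nothing is restricted
  return scriptUrls.filter(
    (u) => !sources.some((s) => sourceMatches(s, new URL(u, pageOrigin), pageOrigin))
  );
}

// Header entry for next.config.js: report-only while testing, enforcing once clean.
function cspHeader(policy, enforce) {
  const key = enforce ? 'Content-Security-Policy' : 'Content-Security-Policy-Report-Only';
  return { key, value: policy };
}

// Constructed sample input: the page's policy, one first-party and one CDN script.
const PAGE_POLICY = "script-src 'self'; object-src 'none'; frame-ancestors 'none'";
const SAMPLE_SCRIPTS = ['/_next/static/chunk.js', 'https://cdn.example.net/lib.js'];
console.log(blockedScripts(PAGE_POLICY, 'https://app.example', SAMPLE_SCRIPTS));
console.log(cspHeader(PAGE_POLICY, false).key);
```

Running the same check with `https://cdn.example.net` added to `script-src` returns an empty list, which is the signal that the policy can move from report-only to enforcing.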
Generate a Prompt
Copy this prompt and use it directly with any AI model — no setup needed.
Help me build a project using Content Security Policy. Explain:
1. What is Content Security Policy and why it matters
2. The core architecture and required tools
3. Step-by-step implementation plan
4. Common mistakes to avoid: Starting with a policy that's too strict and breaks the app — use report-only mode first, Forgetting to include CDN domains in `script-src` — third-party scripts will be blocked
5. Best practices and production tips