This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Test Content Security Policy (OTG-CONFIG-008)

Jump to: navigation, search
This article is part of the new OWASP Testing Guide v4.
Back to the OWASP Testing Guide v4 ToC: Back to the OWASP Testing Guide Project:

Brief Summary

Content Security Policy (CSP) is an W3C specification instructs the client browser (using a directive) from which location and/or which type of resources are allowed to be loaded.

Description of the Issue Short Description of the Issue: Topic and Explanation

Black Box testing and example

Testing for Topic X vulnerabilities:
Result Expected:


OWASP List of useful HTTP headers