Content Security Policy
Content Security Policy (CSP) is a browser security standard that defines which resources (scripts, styles, images, connections) a web page is allowed to load. It is delivered via HTTP headers and helps prevent cross-site scripting (XSS), data injection, and other code injection attacks. In AI applications, CSP is particularly important because chat interfaces may render LLM-generated content — a strict CSP prevents any injected scripts from executing. CSP also controls which origins can be connected to via WebSocket or fetch, adding defense-in-depth for streaming AI interfaces.
Related Terms
CORS
InfrastructureCORS (Cross-Origin Resource Sharing) is a browser security mechanism that controls which web origins can make requests to your API.
API Gateway
InfrastructureAn API gateway is a reverse proxy that sits between clients and backend services, providing a single entry point for API requests.
Ready to build your first production AI agent?
Open-source tools, battle-tested patterns, zero boilerplate. Configure your stack and ship in minutes — not months.