Skip to content

Content Security Policy

Content Security Policy (CSP) is a browser security standard that defines which resources (scripts, styles, images, connections) a web page is allowed to load. It is delivered via HTTP headers and helps prevent cross-site scripting (XSS), data injection, and other code injection attacks. In AI applications, CSP is particularly important because chat interfaces may render LLM-generated content — a strict CSP prevents any injected scripts from executing. CSP also controls which origins can be connected to via WebSocket or fetch, adding defense-in-depth for streaming AI interfaces.

Related Terms

Ready to build your first production AI agent?

Open-source tools, battle-tested patterns, zero boilerplate. Configure your stack and ship in minutes — not months.