{"json_modified": "2016-10-14T05:16:55.675872", "uuid": "3a388c57-adc5-4db8-9f2b-23502bcb36d3", "title": "Content-Security-Policy", "url": "/en-US/docs/Web/HTTP/Headers/Content-Security-Policy", "tags": ["Property", "Reference", "HTTP", "R\u00e9f\u00e9rence", "Web", "header"], "translations": [], "modified": "2016-10-14T05:16:54", "label": "Content-Security-Policy", "localization_tags": [], "locale": "en-US", "id": 133779, "last_edit": "2016-09-30T14:35:40", "summary": "The Content-Security-Policy header fields allows web site administrators to\u00a0control resources the user agent is allowed to load for a given page. With a few exceptions, policies mostly involve specifying server origins and script endpoints. This helps guard against cross-site scripting attacks.", "sections": [{"id": "Quick_Links", "title": null}, {"id": "The_HTTP_response_headers", "title": null}, {"id": "CH-CSP", "title": "CH-CSP"}, {"id": "Content-Security-Policy", "title": "Content-Security-Policy"}, {"id": "Content-Security-Policy-Report-Only", "title": "Content-Security-Policy-Report-Only"}, {"id": "Browser_compatibility", "title": null}, {"id": "See_Also", "title": "See Also"}], "slug": "Web/HTTP/Headers/Content-Security-Policy", "review_tags": ["technical"]}