A security method that informs the Web browser which elements referenced by the website are valid. The content security policy (CSP) was standardized in 2012 to prevent malicious code from being executed. For example, it specifies which domains are valid for executable scripts as well as which protocols are allowed, such as only secure HTTPS. See XSS, clickjacking and buffer overflow.
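The restriction described above (valid script domains and allowed protocols), shown as an added example that is not part of the original entry: a simplified JavaScript check of script URLs against a policy's `script-src` directive. The two policies, the example.com hosts and the function names are constructed for illustration, and only `'self'`, `'none'`, scheme sources and `scheme://host` sources are handled.

```javascript
// Constructed sample policies: one limits scripts by domain, one by protocol.
const DOMAIN_POLICY = "default-src 'self'; script-src 'self' https://cdn.example.com";
const HTTPS_ONLY_POLICY = "script-src https:";

// Split a Content-Security-Policy header value into directive -> source list.
function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    // A directive that appears twice is ignored the second time.
    if (key && !directives.has(key)) directives.set(key, sources);
  }
  return directives;
}

// Match one source expression against a parsed URL (simplified subset of CSP).
function sourceMatches(source, url, pageOrigin) {
  if (source === "'none'") return false;
  if (source === "'self'") return url.origin === pageOrigin;
  // Scheme source such as "https:" allows any host over that protocol.
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  // Host source with explicit scheme, optional "*." wildcard, no port or path.
  const m = /^([a-z][a-z0-9+.-]*):\/\/(\*\.)?([^/:]+)$/i.exec(source);
  if (!m) return false; // bare hosts, nonces, hashes etc. are not handled here
  const [, scheme, wildcard, host] = m;
  if (url.protocol !== scheme.toLowerCase() + ":") return false;
  const actual = url.hostname.toLowerCase();
  const wanted = host.toLowerCase();
  return wildcard ? actual.endsWith("." + wanted) : actual === wanted;
}

// Would a script loaded from scriptUrl be permitted on a page at pageOrigin?
function scriptAllowed(header, scriptUrl, pageOrigin) {
  const directives = parsePolicy(header);
  // script-src governs scripts; default-src is the fallback when it is absent.
  const sources = directives.get("script-src") ?? directives.get("default-src");
  if (sources === undefined) return true; // no applicable directive, no restriction
  const url = new URL(scriptUrl);
  return sources.some((s) => sourceMatches(s, url, pageOrigin));
}

const PAGE = "https://www.example.com"; // constructed page origin
console.log(scriptAllowed(DOMAIN_POLICY, "https://cdn.example.com/app.js", PAGE));
console.log(scriptAllowed(DOMAIN_POLICY, "https://other.example.net/x.js", PAGE));
console.log(scriptAllowed(HTTPS_ONLY_POLICY, "http://cdn.example.com/app.js", PAGE));
```

A script from a host that is not listed, or one fetched over plain HTTP, is refused even when injected markup references it, which is how the policy limits what an XSS flaw can load.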