Security and Privacy Measurements

Besides software solutions to lower security and privacy risks, other crucial solutions exist.

This section outlines open security measures that help to lower security and privacy risks.

Content Security Policy (CSP)

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. CSP should be used as defense-in-depth. It reduces the harm that a malicious injection can cause, but it is not a replacement for input validation and output encoding for websites.

Mozilla Content Security Policy (CSP) Guide: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

Google CSP tips: https://developers.google.com/web/fundamentals/security/csp