This documentation is outdated and available for historical reasons only. To learn how to enable strict Content Security Policy in your application, visit


  • provides detailed guidance for enabling strict CSP.
  • CSP Evaluator helps you check if a chosen CSP policy is secure.
  • CSP paper - an investigation of the state of CSP on the Web and security analysis of real-world policies.

  • Google Closure documentation serves as an example of how an HTML templating system can automatically add nonce attributes to <script> elements.