SiteTraceKit Glossary

What is a Content Security Policy?

A Content Security Policy, often shortened to CSP, is one of the most important browser-facing security headers for modern websites.

Short definition

A CSP can tell the browser which sources are allowed for scripts, images, styles, frames and other resources.

Simple example

Content-Security-Policy: default-src 'self'; script-src 'self' https://trusted.example

Why it matters for website checks

CSP can help teams understand and limit where executable and embedded resources may come from, especially on sites with forms, accounts or payments.

Limits

A CSP can be too weak, too broad or route-specific. Its presence is useful evidence, but not a complete security assessment.

What does this mean for website owners?

Use the signal as a starting point for manual review. The website’s purpose, technical environment and actual configuration provide the necessary context.

Security Header Checker - Review common browser security headers such as HSTS, CSP, Referrer-Policy and X-Content-Type-Options.

FAQ

Can CSP break a website?

Yes. A strict policy can block required resources. Many teams test with report-only mode before enforcing a policy.

What does the inline-script keyword mean in CSP?

It refers to the 'unsafe-inline' source keyword, a technical CSP setting that allows inline scripts or styles. Whether it is acceptable depends on the application context.

Does SiteTraceKit execute the policy?

No. It reads the public header value and reports it as evidence without executing third-party scripts.
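The definition, the Limits section and the FAQ above describe what a header check does with a CSP value: read it, note whether it is enforced or report-only, and flag settings that are too weak or too broad. The following is an added example of that review logic, not SiteTraceKit's own code; apart from the header from the Simple example above, every header value in it is constructed for illustration, and the finding texts are this example's own wording.

```python
"""Parse a Content-Security-Policy header value and flag weak settings.

Added example; not SiteTraceKit's implementation. Sample header values
other than the page's own example are constructed.
"""
from typing import Dict, List, Optional

CSP = "content-security-policy"
CSP_RO = "content-security-policy-report-only"

# A nonce or hash in the same directive makes browsers ignore 'unsafe-inline'.
NONCE_OR_HASH = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(header_value: str) -> Dict[str, List[str]]:
    """Split "name src src; name src" into {directive: [sources]}.

    Directive names are case-insensitive; browsers keep the first
    occurrence of a duplicated directive, so the parser does too.
    """
    policy: Dict[str, List[str]] = {}
    for raw in header_value.split(";"):
        tokens = raw.split()
        if not tokens:
            continue
        policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def effective_sources(policy: Dict[str, List[str]], directive: str) -> Optional[List[str]]:
    """Fetch directives fall back to default-src when not listed."""
    if directive in policy:
        return policy[directive]
    return policy.get("default-src")  # None when there is no fallback either


def review_csp(header_value: str) -> List[str]:
    """Return a list of human-readable findings for one policy string."""
    findings: List[str] = []
    policy = parse_csp(header_value)

    if "default-src" not in policy:
        findings.append("no default-src: any directive not listed is unrestricted")

    for directive in ("script-src", "style-src", "object-src", "frame-src"):
        sources = effective_sources(policy, directive)
        if sources is None:
            continue  # already covered by the default-src finding
        lowered = [s.lower() for s in sources]

        if directive in ("script-src", "style-src"):
            if "'unsafe-inline'" in lowered and not any(
                s.startswith(NONCE_OR_HASH) for s in lowered
            ):
                findings.append(f"{directive}: 'unsafe-inline' allows inline code")
            if "'unsafe-eval'" in lowered:
                findings.append(f"{directive}: 'unsafe-eval' allows string-to-code evaluation")

        if any(s in ("*", "http:", "https:") for s in lowered):
            findings.append(f"{directive}: wildcard or scheme-only source allows any host")

    return findings


def review_headers(headers: Dict[str, str]) -> Dict[str, object]:
    """Pick the enforced or report-only CSP header and review it.

    Report-only policies are reported as evidence but are not enforced by
    the browser, so the mode is returned alongside the findings.
    """
    lowered = {name.lower(): value for name, value in headers.items()}
    if CSP in lowered:
        mode, value = "enforced", lowered[CSP]
    elif CSP_RO in lowered:
        mode, value = "report-only", lowered[CSP_RO]
    else:
        return {"mode": "absent", "findings": ["no Content-Security-Policy header"]}
    return {"mode": mode, "findings": review_csp(value)}


if __name__ == "__main__":
    # The page's own example policy, then a constructed weak one.
    print(review_headers({"Content-Security-Policy":
                          "default-src 'self'; script-src 'self' https://trusted.example"}))
    print(review_headers({"Content-Security-Policy-Report-Only":
                          "script-src * 'unsafe-inline'; style-src 'self'"}))
```

The review only reads the header string and never fetches or runs any of the listed sources, which matches the "does not execute" answer above. It deliberately treats a policy with nonces or hashes as not weakened by 'unsafe-inline', since that keyword is ignored in that case.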