{"id":2950,"date":"2025-11-28T10:46:40","date_gmt":"2025-11-28T10:46:40","guid":{"rendered":"https:\/\/www.captcha.eu\/?p=2950"},"modified":"2025-11-28T10:47:19","modified_gmt":"2025-11-28T10:47:19","slug":"wat-is-inhoud-beveiligingsbeleid-csp","status":"publish","type":"post","link":"https:\/\/www.captcha.eu\/nl\/wat-is-inhoud-beveiligingsbeleid-csp\/","title":{"rendered":"What is Content Security Policy (CSP)?"},"content":{"rendered":"<figure class=\"wp-block-image size-large is-resized\"><img data-dominant-color=\"cfc1a9\" data-has-transparency=\"false\" loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" src=\"https:\/\/www.captcha.eu\/wp-content\/uploads\/2025\/11\/Design-ohne-Titel-8-1024x576.jpg\" alt=\"Illustration of Content Security Policy, showing a woman in an orange shirt working on a laptop. Her screen shows a secured web form with padlock icons, a &#039;SUBMIT&#039; button and a shield with a check mark. 
Background elements include warning signs and a user icon, all depicted in a flat design style with blue, orange and beige tones.\" class=\"wp-image-2952 not-transparent\" style=\"--dominant-color: #cfc1a9; width:1200px;height:auto\" srcset=\"https:\/\/www.captcha.eu\/wp-content\/uploads\/2025\/11\/Design-ohne-Titel-8-1024x576.jpg 1024w, https:\/\/www.captcha.eu\/wp-content\/uploads\/2025\/11\/Design-ohne-Titel-8-300x169.jpg 300w, https:\/\/www.captcha.eu\/wp-content\/uploads\/2025\/11\/Design-ohne-Titel-8-768x432.jpg 768w, https:\/\/www.captcha.eu\/wp-content\/uploads\/2025\/11\/Design-ohne-Titel-8-1536x864.jpg 1536w, https:\/\/www.captcha.eu\/wp-content\/uploads\/2025\/11\/Design-ohne-Titel-8-18x10.jpg 18w, https:\/\/www.captcha.eu\/wp-content\/uploads\/2025\/11\/Design-ohne-Titel-8.jpg 1920w\" \/><figcaption class=\"wp-element-caption\">Captcha.eu<\/figcaption><\/figure>\n\n\n\n<p>A Content Security Policy (CSP) is a powerful browser-side security layer that helps prevent attacks like JavaScript injection, clickjacking, and code manipulation. Acting as a digital firewall inside the browser, CSP controls which resources are allowed to load and execute on a webpage. 
This modern web standard gives site operators precise control over the scripts, styles and third-party services their web pages trust, and blocks everything else.<\/p>\n\n\n\n<p>By defining an allowlist of trusted sources, CSP significantly reduces the risk of cross-site scripting (XSS) and other injection attacks, making it an essential part of any application's web security strategy.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<div class=\"wp-block-yoast-seo-table-of-contents yoast-table-of-contents\"><h2>Table of contents<\/h2><ul><li><a href=\"#h-how-content-security-policy-works-in-the-browser\" data-level=\"2\">How Content Security Policy works in the browser<\/a><\/li><li><a href=\"#h-why-csp-matters-real-threats-it-blocks\" data-level=\"2\">Why CSP matters: real threats it blocks<\/a><\/li><li><a href=\"#h-csp-and-secure-development-practices\" data-level=\"2\">CSP and secure development practices<\/a><\/li><li><a href=\"#h-common-csp-challenges-and-how-to-address-them\" data-level=\"2\">Common CSP challenges and how to address them<\/a><\/li><li><a href=\"#h-troubleshooting-csp-how-to-resolve-policy-errors\" data-level=\"2\">Troubleshooting CSP: how to resolve policy errors<\/a><\/li><li><a href=\"#h-why-captcha-and-csp-work-hand-in-hand\" data-level=\"2\">Why CAPTCHA and CSP work hand in hand<\/a><\/li><li><a href=\"#h-conclusion\" data-level=\"2\">Conclusion<\/a><\/li><li><a href=\"#h-faq-frequently-asked-questions\" data-level=\"2\">FAQ - Frequently asked questions<\/a><\/li><\/ul><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading has-text-color has-link-color has-large-font-size wp-elements-a64c21a8c33ff0b42783f15004105285\" id=\"h-how-content-security-policy-works-in-the-browser\" style=\"color:#2b7ca4\">How Content Security Policy works in the 
browser<\/h2>\n\n\n\n<p>CSP is delivered to the browser via the Content-Security-Policy HTTP response header. This header contains one or more directives, each specifying rules for a different type of resource: scripts, stylesheets, images, fonts, frames, and so on.<\/p>\n\n\n\n<p>For example, a policy can allow content only from your own domain, permit specific trusted script sources, and explicitly block your pages from being embedded in iframes. By restricting where content can be loaded from, CSP blocks unauthorized scripts, prevents attackers from injecting malicious payloads, and enforces secure coding practices.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading has-text-color has-link-color has-large-font-size wp-elements-a94614a0c4ebc2f1890cdd7bb356c238\" id=\"h-why-csp-matters-real-threats-it-blocks\" style=\"color:#2b7ca4\">Why CSP matters: real threats it blocks<\/h2>\n\n\n\n<p>Website owners most commonly use CSP to block cross-site scripting (XSS) attacks. When a vulnerability allows attackers to inject malicious JavaScript, CSP prevents the browser from executing the script unless it comes from an approved source.<\/p>\n\n\n\n<p>CSP prevents attackers from loading your site in hidden frames on their own pages, a common clickjacking technique. 
By explicitly defining which websites may embed your content, you block these deceptive setups and prevent attackers from tricking users into clicking on disguised elements.<\/p>\n\n\n\n<p>In addition, CSP helps enforce HTTPS across your entire site by automatically upgrading resource requests from <a href=\"https:\/\/www.captcha.eu\/nl\/wat-is-http\/\">HTTP<\/a> to secure HTTPS, which contributes to consistent security.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading has-text-color has-link-color has-large-font-size wp-elements-ffe15f35f443ed9395fe47fefadc2fb6\" id=\"h-csp-and-secure-development-practices\" style=\"color:#2b7ca4\">CSP and secure development practices<\/h2>\n\n\n\n<p>CSP supports industry standards and compliance requirements such as PCI DSS 4.0 and GDPR. It provides effective protection against zero-day script injection threats and adds an extra layer of control to modern web development practices. For seamless compatibility, captcha.eu offers CSP-ready CAPTCHA integration. See the full <a href=\"https:\/\/docs.captcha.eu\/csp\">captcha.eu CSP documentation<\/a> for guidance.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading has-text-color has-link-color has-large-font-size wp-elements-b5ee8f986839918fb654dd7dca9ae68c\" id=\"h-common-csp-challenges-and-how-to-address-them\" style=\"color:#2b7ca4\">Common CSP challenges and how to address them<\/h2>\n\n\n\n<p>Inline scripts and styles pose a challenge because CSP blocks them by default. This forces developers to rethink how scripts are added to the page. 
Instead of allowing unsafe inline scripts, the recommended approach is to use nonces or hashes.<\/p>\n\n\n\n<p>A nonce is a unique, random value generated on the server that must appear in both the CSP header and the corresponding &lt;script&gt; or &lt;style&gt; tag. Alternatively, hashes let you specify the exact content that is allowed to execute. Both techniques strengthen security without sacrificing flexibility.<\/p>\n\n\n\n<p>To ensure a smooth rollout, you can start by running your policy in Report-Only mode using the Content-Security-Policy-Report-Only header. This approach lets you see which resources would be blocked without affecting the user experience. It is a smart way to refine your policy and catch potential problems before it is fully enforced.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading has-text-color has-link-color has-large-font-size wp-elements-a2e51ae7424d1a0db9585e8b7c07d9d7\" id=\"h-troubleshooting-csp-how-to-resolve-policy-errors\" style=\"color:#2b7ca4\">Troubleshooting CSP: how to resolve policy errors<\/h2>\n\n\n\n<p>Even well-prepared policies can lead to unexpected violations. If you run into problems, the browser console provides detailed error messages that show exactly which resource was blocked and why.<\/p>\n\n\n\n<p>For testing and debugging, captcha.eu provides a live <a href=\"https:\/\/www.captcha.eu\/nl\/api\/csp_demo\/overview\/\">CSP demo environment<\/a>, where you can simulate how your policy handles CAPTCHA features. 
If the problems persist, consult the <a href=\"https:\/\/docs.captcha.eu\/csp\">captcha.eu documentation<\/a> or contact support with your error logs for tailored help.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading has-text-color has-link-color has-large-font-size wp-elements-c2c9e6cd72e088a1f798a21118f30fa0\" id=\"h-why-captcha-and-csp-work-hand-in-hand\" style=\"color:#2b7ca4\">Why CAPTCHA and CSP work hand in hand<\/h2>\n\n\n\n<p>CSP restricts what scripts can execute, but it does not distinguish between humans and bots. That is where CAPTCHA comes in. To prevent abuse of sign-up forms, comment fields and payment gateways, a CAPTCHA solution is essential.<\/p>\n\n\n\n<p>The GDPR-compliant CAPTCHA technology from captcha.eu is fully compatible with strict CSP environments. It provides non-invasive user verification without compromising browser security. Together, CSP and CAPTCHA form a comprehensive protection model for modern websites.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading has-text-color has-link-color has-large-font-size wp-elements-72de50b6cabed51cc3dd00d967bab9d4\" id=\"h-conclusion\" style=\"color:#2b7ca4\">Conclusion<\/h2>\n\n\n\n<p>CSP provides a powerful defense against injected scripts and unauthorized content loading. It secures user sessions, supports privacy compliance and reduces the attack surface, all from within the browser.<\/p>\n\n\n\n<p>When you combine CSP with bot detection and human verification tools such as <a href=\"https:\/\/www.captcha.eu\/nl\/\">captcha.eu<\/a>, you strengthen your defenses against both browser-based threats and automated attacks. 
Whether you are building or securing a web platform, make CSP one of your first lines of defense: implement it thoughtfully, test it thoroughly and maintain it continuously.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading has-text-color has-link-color has-large-font-size wp-elements-cbff7adca8489518fa087943784c86d6\" id=\"h-faq-frequently-asked-questions\" style=\"color:#2b7ca4\">FAQ - Frequently asked questions<\/h2>\n\n\n\n<div class=\"wp-block-premium-accordion premium-accordion premium-accordion-24369f49bb08\">\n<div class=\"wp-block-premium-accordion-item premium-accordion-item-086113a8a374 premium-accordion__content_wrap\"><div class=\"premium-accordion__title_wrap premium-accordion__ltr premium-accordion__out\"><div class=\"premium-accordion__title\"><h4 class=\"premium-accordion__title_text\">What is Content Security Policy (CSP)?<\/h4><\/div><div class=\"premium-accordion__icon_wrap\"><svg class=\"premium-accordion__icon\" role=\"img\" focusable=\"false\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 20 20\"><polygon points=\"16.7,3.3 10,10 3.3,3.4 0,6.7 10,16.7 10,16.6 20,6.7 \"><\/polygon><\/svg><\/div><\/div><div class=\"premium-accordion__desc_wrap\"><p class=\"premium-accordion__desc\">CSP is a security standard that helps prevent attacks such as cross-site scripting (XSS), clickjacking and malicious code injection by controlling which resources a browser may load and execute on a website.<\/p><\/div><\/div>\n\n\n\n<div class=\"wp-block-premium-accordion-item premium-accordion-item-595eb7932f83 premium-accordion__content_wrap\"><div class=\"premium-accordion__title_wrap premium-accordion__ltr premium-accordion__out\"><div class=\"premium-accordion__title\"><h4 class=\"premium-accordion__title_text\">Why is CSP important for website security?<\/h4><\/div><div class=\"premium-accordion__icon_wrap\"><svg class=\"premium-accordion__icon\" role=\"img\" focusable=\"false\" 
xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 20 20\"><polygon points=\"16.7,3.3 10,10 3.3,3.4 0,6.7 10,16.7 10,16.6 20,6.7 \"><\/polygon><\/svg><\/div><\/div><div class=\"premium-accordion__desc_wrap\"><p class=\"premium-accordion__desc\">CSP acts as a browser-side firewall, reducing the risk of client-side attacks. It enforces strict rules for loading scripts, images and other resources, protecting users and sensitive data.<\/p><\/div><\/div>\n\n\n\n<div class=\"wp-block-premium-accordion-item premium-accordion-item-ec6da3311501 premium-accordion__content_wrap\"><div class=\"premium-accordion__title_wrap premium-accordion__ltr premium-accordion__out\"><div class=\"premium-accordion__title\"><h4 class=\"premium-accordion__title_text\">How does CSP prevent XSS attacks?<\/h4><\/div><div class=\"premium-accordion__icon_wrap\"><svg class=\"premium-accordion__icon\" role=\"img\" focusable=\"false\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 20 20\"><polygon points=\"16.7,3.3 10,10 3.3,3.4 0,6.7 10,16.7 10,16.6 20,6.7 \"><\/polygon><\/svg><\/div><\/div><div class=\"premium-accordion__desc_wrap\"><p class=\"premium-accordion__desc\">CSP blocks the execution of unauthorized scripts by allowing only JavaScript from trusted sources. 
This prevents attackers from injecting and executing malicious code via user input or vulnerable third-party scripts.<\/p><\/div><\/div>\n\n\n\n<div class=\"wp-block-premium-accordion-item premium-accordion-item-528bab97421c premium-accordion__content_wrap\"><div class=\"premium-accordion__title_wrap premium-accordion__ltr premium-accordion__out\"><div class=\"premium-accordion__title\"><h4 class=\"premium-accordion__title_text\">What are CSP directives?<\/h4><\/div><div class=\"premium-accordion__icon_wrap\"><svg class=\"premium-accordion__icon\" role=\"img\" focusable=\"false\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 20 20\"><polygon points=\"16.7,3.3 10,10 3.3,3.4 0,6.7 10,16.7 10,16.6 20,6.7 \"><\/polygon><\/svg><\/div><\/div><div class=\"premium-accordion__desc_wrap\"><p class=\"premium-accordion__desc\">CSP directives are specific rules that define allowed content sources. Common directives include default-src, script-src, img-src and frame-ancestors, each governing a different type of content.<\/p><\/div><\/div>\n\n\n\n<div class=\"wp-block-premium-accordion-item premium-accordion-item-4dbe092d2ebd premium-accordion__content_wrap\"><div class=\"premium-accordion__title_wrap premium-accordion__ltr premium-accordion__out\"><div class=\"premium-accordion__title\"><h4 class=\"premium-accordion__title_text\">What is CSP Report-Only mode?<\/h4><\/div><div class=\"premium-accordion__icon_wrap\"><svg class=\"premium-accordion__icon\" role=\"img\" focusable=\"false\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 20 20\"><polygon points=\"16.7,3.3 10,10 3.3,3.4 0,6.7 10,16.7 10,16.6 20,6.7 \"><\/polygon><\/svg><\/div><\/div><div class=\"premium-accordion__desc_wrap\"><p class=\"premium-accordion__desc\">Report-Only mode lets developers test a CSP policy without enforcing it. 
The browser logs violations, allowing site owners to adjust their policy before it is fully deployed, without disrupting functionality.<\/p><\/div><\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-background-color has-text-color has-background has-link-color wp-elements-f0053231231cbd97b0464e4db5840e87 is-vertical is-content-justification-center is-layout-flex wp-container-core-group-is-layout-ce155fab wp-block-group-is-layout-flex\" style=\"border-radius:20px;background-color:#f0faf3\">\n<h2 class=\"wp-block-heading has-foreground-color has-text-color has-link-color has-large-font-size wp-elements-b5699e1a129fe1a30ab792feee8ae242\"><strong>100 free requests<\/strong><\/h2>\n\n\n\n<p class=\"has-foreground-color has-text-color has-link-color wp-elements-b49cc1b9513f565de22aa575e471cab2\">You have the opportunity to test and try out our product with 100 free requests.<\/p>\n\n\n\n<div class=\"wp-block-buttons is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link has-background-color has-text-color has-background wp-element-button\" href=\"https:\/\/www.captcha.eu\/dashboard\/\" style=\"background-color:#77af84\">Start trial<\/a><\/div>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-background-color has-text-color has-background has-link-color wp-elements-af00b1d79068a7b2dfaed3c6a27bcc40 is-vertical is-content-justification-center is-layout-flex wp-container-core-group-is-layout-ce155fab wp-block-group-is-layout-flex\" style=\"border-radius:20px;background-color:#68c1eb;min-height:370px\">\n<p class=\"has-background-color has-text-color has-link-color has-normal-font-size wp-elements-eebd210dd9d74a0906c3b070c47966be\"><strong>If you have any questions<\/strong><\/p>\n\n\n\n<h2 class=\"wp-block-heading has-background-color has-text-color has-link-color has-large-font-size wp-elements-ca0e088edbf969fa6cc0ffaa1ba6c01c\" 
id=\"h-contact-us\"><strong>Contact us<\/strong><\/h2>\n\n\n\n<p class=\"has-background-color has-text-color has-link-color wp-elements-316b59d0711ce3cc25ea0c989740e1ea\">Our support team is ready to help you.<br><\/p>\n\n\n\n<div class=\"wp-block-buttons is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link has-foreground-color has-background-background-color has-text-color has-background wp-element-button\" href=\"javascript:goToContact();\">Contact us<\/a><\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>A Content Security Policy (CSP) is a powerful browser-side security layer that helps prevent attacks like JavaScript injection, clickjacking, and code manipulation. Acting as a digital firewall inside the browser, CSP controls which resources are allowed to load and execute on a webpage. This modern web standard gives site operators [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2952,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_eb_attr":"","footnotes":""},"categories":[41],"tags":[],"class_list":["post-2950","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledge-base"],"acf":{"pretitle":"","intern_slug":""},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.0 (Yoast SEO v27.0) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>What is Content Security Policy (CSP)? 
- captcha.eu<\/title>\n<meta name=\"description\" content=\"Learn what Content Security Policy (CSP) is, how it protects your website from XSS, clickjacking and why it is key to modern web security.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.captcha.eu\/nl\/wat-is-inhoud-beveiligingsbeleid-csp\/\" \/>\n<meta property=\"og:locale\" content=\"nl_NL\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What is Content Security Policy (CSP)?\" \/>\n<meta property=\"og:description\" content=\"Learn what Content Security Policy (CSP) is, how it protects your website from XSS, clickjacking and why it is key to modern web security.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.captcha.eu\/nl\/wat-is-inhoud-beveiligingsbeleid-csp\/\" \/>\n<meta property=\"og:site_name\" content=\"captcha.eu\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-28T10:46:40+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-11-28T10:47:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.captcha.eu\/wp-content\/uploads\/2025\/11\/Design-ohne-Titel-8.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1080\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Captcha\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@captcha_eu\" \/>\n<meta name=\"twitter:site\" content=\"@captcha_eu\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Captcha\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.captcha.eu\/what-is-content-security-policy-csp\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.captcha.eu\/what-is-content-security-policy-csp\/\"},\"author\":{\"name\":\"Captcha\",\"@id\":\"https:\/\/www.captcha.eu\/#\/schema\/person\/f1e4886cdd0c5bbbb44279dd0d95445a\"},\"headline\":\"What is Content Security Policy (CSP)?\",\"datePublished\":\"2025-11-28T10:46:40+00:00\",\"dateModified\":\"2025-11-28T10:47:19+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.captcha.eu\/what-is-content-security-policy-csp\/\"},\"wordCount\":973,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.captcha.eu\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.captcha.eu\/what-is-content-security-policy-csp\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.captcha.eu\/wp-content\/uploads\/2025\/11\/Design-ohne-Titel-8.jpg\",\"articleSection\":[\"Knowledge Base\"],\"inLanguage\":\"nl-NL\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.captcha.eu\/what-is-content-security-policy-csp\/#respond\"]}],\"accessibilityFeature\":[\"tableOfContents\"]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.captcha.eu\/what-is-content-security-policy-csp\/\",\"url\":\"https:\/\/www.captcha.eu\/what-is-content-security-policy-csp\/\",\"name\":\"What is Content Security Policy (CSP)? 
- captcha.eu\",\"isPartOf\":{\"@id\":\"https:\/\/www.captcha.eu\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.captcha.eu\/what-is-content-security-policy-csp\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.captcha.eu\/what-is-content-security-policy-csp\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.captcha.eu\/wp-content\/uploads\/2025\/11\/Design-ohne-Titel-8.jpg\",\"datePublished\":\"2025-11-28T10:46:40+00:00\",\"dateModified\":\"2025-11-28T10:47:19+00:00\",\"description\":\"Learn what Content Security Policy (CSP) is, how it protects your website from XSS, clickjacking and why it is key to modern web security.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.captcha.eu\/what-is-content-security-policy-csp\/#breadcrumb\"},\"inLanguage\":\"nl-NL\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.captcha.eu\/what-is-content-security-policy-csp\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"nl-NL\",\"@id\":\"https:\/\/www.captcha.eu\/what-is-content-security-policy-csp\/#primaryimage\",\"url\":\"https:\/\/www.captcha.eu\/wp-content\/uploads\/2025\/11\/Design-ohne-Titel-8.jpg\",\"contentUrl\":\"https:\/\/www.captcha.eu\/wp-content\/uploads\/2025\/11\/Design-ohne-Titel-8.jpg\",\"width\":1920,\"height\":1080,\"caption\":\"Captcha.eu\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.captcha.eu\/what-is-content-security-policy-csp\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.captcha.eu\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What is Content Security Policy (CSP)?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.captcha.eu\/#website\",\"url\":\"https:\/\/www.captcha.eu\/\",\"name\":\"captcha.eu\",\"description\":\"The GDPR-compliant message protection | 
captcha.eu\",\"publisher\":{\"@id\":\"https:\/\/www.captcha.eu\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.captcha.eu\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"nl-NL\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.captcha.eu\/#organization\",\"name\":\"captcha.eu\",\"url\":\"https:\/\/www.captcha.eu\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"nl-NL\",\"@id\":\"https:\/\/www.captcha.eu\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.captcha.eu\/wp-content\/uploads\/2024\/02\/Captcha_mono-C_Logo.svg\",\"contentUrl\":\"https:\/\/www.captcha.eu\/wp-content\/uploads\/2024\/02\/Captcha_mono-C_Logo.svg\",\"width\":24,\"height\":28,\"caption\":\"captcha.eu\"},\"image\":{\"@id\":\"https:\/\/www.captcha.eu\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/captcha_eu\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.captcha.eu\/#\/schema\/person\/f1e4886cdd0c5bbbb44279dd0d95445a\",\"name\":\"Captcha\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"nl-NL\",\"@id\":\"https:\/\/www.captcha.eu\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/48b669a092d552f5f30202f8da848c93fa4c54f8c2b3167568ed5cbccbe4994a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/48b669a092d552f5f30202f8da848c93fa4c54f8c2b3167568ed5cbccbe4994a?s=96&d=mm&r=g\",\"caption\":\"Captcha\"},\"sameAs\":[\"https:\/\/www.captcha.eu\"],\"url\":\"https:\/\/www.captcha.eu\/nl\/author\/admin\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Wat is Content Beveiligingsbeleid (CSP)? 
- captcha.eu","description":"Leer wat Content Security Policy (CSP) is, hoe het je website beschermt tegen XSS, clickjacking en waarom het de sleutel is tot moderne webbeveiliging.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.captcha.eu\/nl\/wat-is-inhoud-beveiligingsbeleid-csp\/","og_locale":"nl_NL","og_type":"article","og_title":"What is Content Security Policy (CSP)?","og_description":"Learn what Content Security Policy (CSP) is, how it protects your website from XSS, clickjacking and why it is key to modern web security.","og_url":"https:\/\/www.captcha.eu\/nl\/wat-is-inhoud-beveiligingsbeleid-csp\/","og_site_name":"captcha.eu","article_published_time":"2025-11-28T10:46:40+00:00","article_modified_time":"2025-11-28T10:47:19+00:00","og_image":[{"width":1920,"height":1080,"url":"https:\/\/www.captcha.eu\/wp-content\/uploads\/2025\/11\/Design-ohne-Titel-8.jpg","type":"image\/jpeg"}],"author":"Captcha","twitter_card":"summary_large_image","twitter_creator":"@captcha_eu","twitter_site":"@captcha_eu","twitter_misc":{"Written by":"Captcha","Est. 
reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.captcha.eu\/what-is-content-security-policy-csp\/#article","isPartOf":{"@id":"https:\/\/www.captcha.eu\/what-is-content-security-policy-csp\/"},"author":{"name":"Captcha","@id":"https:\/\/www.captcha.eu\/#\/schema\/person\/f1e4886cdd0c5bbbb44279dd0d95445a"},"headline":"What is Content Security Policy (CSP)?","datePublished":"2025-11-28T10:46:40+00:00","dateModified":"2025-11-28T10:47:19+00:00","mainEntityOfPage":{"@id":"https:\/\/www.captcha.eu\/what-is-content-security-policy-csp\/"},"wordCount":973,"commentCount":0,"publisher":{"@id":"https:\/\/www.captcha.eu\/#organization"},"image":{"@id":"https:\/\/www.captcha.eu\/what-is-content-security-policy-csp\/#primaryimage"},"thumbnailUrl":"https:\/\/www.captcha.eu\/wp-content\/uploads\/2025\/11\/Design-ohne-Titel-8.jpg","articleSection":["Knowledge Base"],"inLanguage":"nl-NL","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.captcha.eu\/what-is-content-security-policy-csp\/#respond"]}],"accessibilityFeature":["tableOfContents"]},{"@type":"WebPage","@id":"https:\/\/www.captcha.eu\/what-is-content-security-policy-csp\/","url":"https:\/\/www.captcha.eu\/what-is-content-security-policy-csp\/","name":"Wat is Content Beveiligingsbeleid (CSP)? 
- captcha.eu","isPartOf":{"@id":"https:\/\/www.captcha.eu\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.captcha.eu\/what-is-content-security-policy-csp\/#primaryimage"},"image":{"@id":"https:\/\/www.captcha.eu\/what-is-content-security-policy-csp\/#primaryimage"},"thumbnailUrl":"https:\/\/www.captcha.eu\/wp-content\/uploads\/2025\/11\/Design-ohne-Titel-8.jpg","datePublished":"2025-11-28T10:46:40+00:00","dateModified":"2025-11-28T10:47:19+00:00","description":"Leer wat Content Security Policy (CSP) is, hoe het je website beschermt tegen XSS, clickjacking en waarom het de sleutel is tot moderne webbeveiliging.","breadcrumb":{"@id":"https:\/\/www.captcha.eu\/what-is-content-security-policy-csp\/#breadcrumb"},"inLanguage":"nl-NL","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.captcha.eu\/what-is-content-security-policy-csp\/"]}]},{"@type":"ImageObject","inLanguage":"nl-NL","@id":"https:\/\/www.captcha.eu\/what-is-content-security-policy-csp\/#primaryimage","url":"https:\/\/www.captcha.eu\/wp-content\/uploads\/2025\/11\/Design-ohne-Titel-8.jpg","contentUrl":"https:\/\/www.captcha.eu\/wp-content\/uploads\/2025\/11\/Design-ohne-Titel-8.jpg","width":1920,"height":1080,"caption":"Captcha.eu"},{"@type":"BreadcrumbList","@id":"https:\/\/www.captcha.eu\/what-is-content-security-policy-csp\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.captcha.eu\/"},{"@type":"ListItem","position":2,"name":"What is Content Security Policy (CSP)?"}]},{"@type":"WebSite","@id":"https:\/\/www.captcha.eu\/#website","url":"https:\/\/www.captcha.eu\/","name":"captcha.eu","description":"De GDPR-conforme berichtenbeveiliging | 
captcha.eu","publisher":{"@id":"https:\/\/www.captcha.eu\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.captcha.eu\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"nl-NL"},{"@type":"Organization","@id":"https:\/\/www.captcha.eu\/#organization","name":"captcha.eu","url":"https:\/\/www.captcha.eu\/","logo":{"@type":"ImageObject","inLanguage":"nl-NL","@id":"https:\/\/www.captcha.eu\/#\/schema\/logo\/image\/","url":"https:\/\/www.captcha.eu\/wp-content\/uploads\/2024\/02\/Captcha_mono-C_Logo.svg","contentUrl":"https:\/\/www.captcha.eu\/wp-content\/uploads\/2024\/02\/Captcha_mono-C_Logo.svg","width":24,"height":28,"caption":"captcha.eu"},"image":{"@id":"https:\/\/www.captcha.eu\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/captcha_eu"]},{"@type":"Person","@id":"https:\/\/www.captcha.eu\/#\/schema\/person\/f1e4886cdd0c5bbbb44279dd0d95445a","name":"Captcha","image":{"@type":"ImageObject","inLanguage":"nl-NL","@id":"https:\/\/www.captcha.eu\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/48b669a092d552f5f30202f8da848c93fa4c54f8c2b3167568ed5cbccbe4994a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/48b669a092d552f5f30202f8da848c93fa4c54f8c2b3167568ed5cbccbe4994a?s=96&d=mm&r=g","caption":"Captcha"},"sameAs":["https:\/\/www.captcha.eu"],"url":"https:\/\/www.captcha.eu\/nl\/author\/admin\/"}]}},"pbg_featured_image_src":{"full":["https:\/\/www.captcha.eu\/wp-content\/uploads\/2025\/11\/Design-ohne-Titel-8.jpg",1920,1080,false],"thumbnail":["https:\/\/www.captcha.eu\/wp-content\/uploads\/2025\/11\/Design-ohne-Titel-8-150x150.jpg",150,150,true],"medium":["https:\/\/www.captcha.eu\/wp-content\/uploads\/2025\/11\/Design-ohne-Titel-8-300x169.jpg",300,169,true],"medium_large":["https:\/\/www.captcha.eu\/wp-content\/uploads\/2025\/11\/Design-ohne-Titel-8-768
x432.jpg",768,432,true],"large":["https:\/\/www.captcha.eu\/wp-content\/uploads\/2025\/11\/Design-ohne-Titel-8-1024x576.jpg",1024,576,true],"1536x1536":["https:\/\/www.captcha.eu\/wp-content\/uploads\/2025\/11\/Design-ohne-Titel-8-1536x864.jpg",1536,864,true],"2048x2048":["https:\/\/www.captcha.eu\/wp-content\/uploads\/2025\/11\/Design-ohne-Titel-8.jpg",1920,1080,false],"trp-custom-language-flag":["https:\/\/www.captcha.eu\/wp-content\/uploads\/2025\/11\/Design-ohne-Titel-8-18x10.jpg",18,10,true]},"pbg_author_info":{"display_name":"Captcha","author_link":"https:\/\/www.captcha.eu\/nl\/author\/admin\/","author_img":"<img alt='Captcha' src='https:\/\/secure.gravatar.com\/avatar\/48b669a092d552f5f30202f8da848c93fa4c54f8c2b3167568ed5cbccbe4994a?s=128&#038;d=mm&#038;r=g' srcset='https:\/\/secure.gravatar.com\/avatar\/48b669a092d552f5f30202f8da848c93fa4c54f8c2b3167568ed5cbccbe4994a?s=256&#038;d=mm&#038;r=g 2x' class='avatar avatar-128 photo' height='128' width='128' loading='lazy' decoding='async'\/>"},"pbg_comment_info":"57 comment","pbg_excerpt":"A Content Security Policy (CSP) is a powerful browser-side security layer that helps prevent attacks like JavaScript injection, clickjacking, and code manipulation. Acting as a digital firewall inside the browser, CSP controls which resources are allowed to load and execute on a webpage. 
This modern web standard gives site operators [&hellip;]","_links":{"self":[{"href":"https:\/\/www.captcha.eu\/nl\/wp-json\/wp\/v2\/posts\/2950","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.captcha.eu\/nl\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.captcha.eu\/nl\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.captcha.eu\/nl\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.captcha.eu\/nl\/wp-json\/wp\/v2\/comments?post=2950"}],"version-history":[{"count":2,"href":"https:\/\/www.captcha.eu\/nl\/wp-json\/wp\/v2\/posts\/2950\/revisions"}],"predecessor-version":[{"id":2955,"href":"https:\/\/www.captcha.eu\/nl\/wp-json\/wp\/v2\/posts\/2950\/revisions\/2955"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.captcha.eu\/nl\/wp-json\/wp\/v2\/media\/2952"}],"wp:attachment":[{"href":"https:\/\/www.captcha.eu\/nl\/wp-json\/wp\/v2\/media?parent=2950"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.captcha.eu\/nl\/wp-json\/wp\/v2\/categories?post=2950"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.captcha.eu\/nl\/wp-json\/wp\/v2\/tags?post=2950"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}