Using Content Security Policy for Privacy

Tuesday, September 12, 2023 - 11:20 am–11:35 am

Devin Lundberg, Pinterest

Abstract: 

Content Security Policy is a browser security feature that controls which domains are allowed to load content on a given website. It is most commonly used to mitigate security issues like cross-site scripting. At Pinterest, we also leverage this feature to protect the privacy of our users. In this talk, we will show how Content Security Policy has given us better visibility into our inventory of third-party SDKs on our website and better protected our users by customizing our policy per consent options and user types. We will also walk through the pitfalls we encountered while deploying these changes across our web platform.
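An added sketch of the approach the abstract describes, not code from the talk or from Pinterest: a policy is assembled per request from an SDK inventory, the user's consent choices and the user type, and violation reports are matched back to that inventory. The consent categories, user types, hosts and report path are all hypothetical.

```javascript
// Added example. Consent categories, user types, hosts and the report path
// are all hypothetical placeholders.
const BASE = {
  "default-src": ["'self'"],
  "script-src": ["'self'"],
  "connect-src": ["'self'"],
};

// Inventory: the consent each SDK needs (null = strictly necessary), the
// user types it is never served to, and the sources it needs per directive.
const SDKS = [
  { name: "analytics", consent: "analytics", blockedFor: ["minor"],
    sources: { "script-src": ["https://sdk.analytics.example"],
               "connect-src": ["https://collect.analytics.example"] } },
  { name: "ads", consent: "advertising", blockedFor: ["minor", "logged_out"],
    sources: { "script-src": ["https://tag.ads.example"],
               "img-src": ["https://px.ads.example"] } },
];

function allowedSdks(consent, userType) {
  return SDKS.filter((s) =>
    (s.consent === null || consent[s.consent] === true) &&
    !s.blockedFor.includes(userType));
}

function buildCsp(consent, userType) {
  const policy = new Map(Object.entries(BASE).map(([d, v]) => [d, new Set(v)]));
  for (const sdk of allowedSdks(consent, userType)) {
    for (const [directive, srcs] of Object.entries(sdk.sources)) {
      // A directive absent from BASE falls back to default-src in the browser,
      // so seed it from default-src or first-party loads of that type break.
      if (!policy.has(directive)) policy.set(directive, new Set(BASE["default-src"]));
      srcs.forEach((src) => policy.get(directive).add(src));
    }
  }
  const parts = [...policy].map(([d, s]) => `${d} ${[...s].join(" ")}`);
  return parts.concat("report-uri /csp-report").join("; ");
}

// Map a violation report to an inventoried SDK, or flag it as unknown.
function classifyReport(body) {
  const blocked = (body["csp-report"] || {})["blocked-uri"] || "";
  let origin;
  try { origin = new URL(blocked).origin; } catch { return "non-url:" + blocked; }
  const hit = SDKS.find((s) => Object.values(s.sources).flat().includes(origin));
  return hit ? hit.name : "uninventoried:" + origin;
}
```

Reports classified as `uninventoried:` point at third-party content missing from the inventory; `non-url:` covers keyword values such as `inline` or `eval` that browsers send in `blocked-uri`.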

BibTeX
@conference {290873,
author = {Devin Lundberg},
title = {Using Content Security Policy for Privacy},
year = {2023},
address = {Santa Clara, CA},
publisher = {USENIX Association},
month = sep
}
