“Implement Content Security Policy (CSP) in web applications that render LLM output. CSP provides a browser-enforced defense against XSS by restricting which scripts can execute, complementing server-side output encoding.” OWASP treats CSP as a critical defense-in-depth layer for any web app that displays LLM-generated content.
The ChatGPT plugin XSS (Imperva research) and similar LLM output XSS demonstrations all required the browser to execute inline scripts. A strict CSP — script-src 'self' with no 'unsafe-inline' — would have blocked script execution even if a payload slipped through the output encoding layer. CSP is the last line of defense when encoding fails.
→ Minimum effective CSP for LLM output pages: Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none';
→ Use nonce-based CSP for any legitimate inline scripts
→ Add X-Content-Type-Options: nosniff to prevent MIME-type sniffing attacks
→ Use frame-ancestors 'none' to prevent clickjacking
→ Test with Google’s CSP Evaluator tool
Open browser DevTools → Network tab → Check your app’s response headers for Content-Security-Policy. If absent, CSP is not deployed. If present, paste the value into csp-evaluator.withgoogle.com to identify weaknesses.
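The header check above can also be scripted against a captured set of response headers. This is an added example, not code from OWASP or the original page; the function names and finding codes are hypothetical, and the sample headers are constructed.

```javascript
// Parse a CSP value into Map<directive, sources[]>. Per the CSP spec a
// repeated directive is ignored, so the first occurrence wins.
function parseCsp(value) {
  const policy = new Map();
  for (const part of value.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (!name) continue;
    const key = name.toLowerCase();
    // Lowercased for comparison only; real nonces are case-sensitive.
    if (!policy.has(key)) policy.set(key, sources.map((s) => s.toLowerCase()));
  }
  return policy;
}

// An empty source list behaves like 'none'.
const isNone = (list) => list.length === 0 || list.join(" ") === "'none'";

// Returns finding codes (hypothetical names) for the checks listed above.
function auditHeaders(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const findings = [];
  if ((h["x-content-type-options"] || "").trim().toLowerCase() !== "nosniff")
    findings.push("nosniff-missing");
  const raw = h["content-security-policy"];
  if (!raw) return findings.concat("csp-missing");
  const csp = parseCsp(raw);
  // script-src and object-src fall back to default-src; frame-ancestors does not.
  const effective = (d) => csp.get(d) || csp.get("default-src");
  const script = effective("script-src");
  const nonceOrHash = /^'(nonce|sha256|sha384|sha512)-/;
  if (!script) findings.push("script-src-unrestricted");
  else if (script.includes("'unsafe-inline'") && !script.some((s) => nonceOrHash.test(s)))
    findings.push("script-unsafe-inline"); // browsers ignore it once a nonce or hash is present
  const object = effective("object-src");
  if (!object || !isNone(object)) findings.push("object-src-not-none");
  const frame = csp.get("frame-ancestors");
  if (!frame || !isNone(frame)) findings.push("frame-ancestors-not-none");
  return findings;
}

// Constructed sample responses.
const pageMinimum = { "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none';" };
const weak = { "content-security-policy": "default-src 'self'; script-src 'self' 'unsafe-inline'", "X-Content-Type-Options": "nosniff" };
const hardened = { "Content-Security-Policy": "default-src 'self'; script-src 'self' 'nonce-R4nd0m'; object-src 'none'; frame-ancestors 'none'", "X-Content-Type-Options": "nosniff" };
console.log(auditHeaders(pageMinimum), auditHeaders(weak), auditHeaders(hardened));
```

The minimum policy on its own still reports the nosniff and frame-ancestors findings, because those are separate recommendations in the list; the weak sample shows that object-src inherits 'self' from default-src when it is not set explicitly.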