Singh, R.P.Chandavarkar, B.R.2026-02-0620242024 15th International Conference on Computing Communication and Networking Technologies, ICCCNT 2024, 2024, Vol., , p. -https://doi.org/10.1109/ICCCNT61001.2024.10725091https://idr.nitk.ac.in/handle/123456789/28829Cross-site scripting (XSS) attacks are a major threat to web applications and have consistently ranked among the OWASP Top 10 vulnerabilities. Attackers can inject malicious scripts that execute within a user's browser. Server-side Content Security Policies (CSPs) offer some protection, but their static nature makes them ineffective when dealing with dynamic content and a very small percentage of web application use. This paper explores dynamically generated CSPs on the client side. This approach overcomes the limitations of traditional CSPs and provides a more robust defense against XSS attacks. © 2024 IEEE.Content Security Policy (CSP)Cross-site scripting (XSS) attacksdata injectionOWASP Top 10 vulnerabilities