CSP (content-security-policy): A layer of security that can be added to web apps as an HTTP header or meta tag. Source: MDN Strict CSP: A specific set of CSP directives that has been identified as an effective and deployable mitigation against XSS (cross-site scripting). XSS is one of the most widespread sedcurity exploits. Source: w3c. SPA (single-page application): a web app implementation that