Developing web applications with security in mind is very important in today's world, given the increase in online attacks and fraud. Content Security Policy (CSP) is a defense-in-depth mechanism that can help mitigate Cross-Site Scripting vulnerabilities. In this talk, we'll see a live demo of an intentionally vulnerable web application and how Content Security Policy can prevent attacks. I'll also talk about some success stories where companies successfully deployed CSP. We'll discuss some common bypasses available for CSP and how CSP can be used to prevent other classes of issues, such as clickjacking, HTTPS migration, and secure form submissions.
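As an added illustration of the protections the abstract names (this is example code written for this page, not material from the talk or its demo application), the following Python script parses a Content-Security-Policy header and reports whether it provides XSS mitigation via `script-src`, clickjacking protection via `frame-ancestors`, HTTPS migration via `upgrade-insecure-requests`, and form-submission restriction via `form-action`. The two sample headers (`WEAK_CSP`, `HARDENED_CSP`) and the nonce value are constructed for the example; the fallback and `'unsafe-inline'` handling follow the published CSP specification, where a nonce or hash source renders `'unsafe-inline'` inert.

```python
"""Check a Content-Security-Policy header for the protections discussed
in the talk abstract.  Added example; the sample policies are constructed
for illustration and are not from the talk."""

from typing import Dict, List, Optional

# Constructed sample headers (not from the talk).  The weak one allows
# inline script, eval and any host; the hardened one uses a nonce and
# restricts framing, form targets and plaintext sub-resources.
WEAK_CSP = "default-src * 'unsafe-inline' 'unsafe-eval'; img-src *"
HARDENED_CSP = (
    "default-src 'self'; "
    "script-src 'self' 'nonce-abc123'; "      # nonce value is a placeholder
    "object-src 'none'; "
    "base-uri 'none'; "
    "frame-ancestors 'none'; "
    "form-action 'self'; "
    "upgrade-insecure-requests"
)

# Source expressions that effectively disable script-src as an XSS control.
PERMISSIVE_SOURCES = {"'unsafe-inline'", "'unsafe-eval'", "*", "http:", "https:", "data:"}
# Directives that do NOT fall back to default-src when absent.
NO_FALLBACK = {"frame-ancestors", "form-action", "base-uri"}


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split a CSP header into {directive: [source expressions]}.
    Directives are separated by ';' and tokens by whitespace; a repeated
    directive is ignored after its first occurrence, as browsers do."""
    policy: Dict[str, List[str]] = {}
    for part in header.split(";"):
        tokens = part.strip().split()
        if not tokens:
            continue
        name = tokens[0].lower()
        if name not in policy:
            policy[name] = tokens[1:]
    return policy


def effective_sources(policy: Dict[str, List[str]], directive: str) -> Optional[List[str]]:
    """Return the source list governing `directive`, falling back to
    default-src for fetch directives; None means nothing applies."""
    if directive in policy:
        return policy[directive]
    if directive in NO_FALLBACK:
        return None
    return policy.get("default-src")


def script_protection(policy: Dict[str, List[str]]) -> bool:
    """XSS mitigation holds when script sources are restricted and neither
    inline script, eval nor arbitrary hosts are allowed.  A nonce or hash
    source makes 'unsafe-inline' inert, so it is not counted against the
    policy in that case."""
    sources = effective_sources(policy, "script-src")
    if sources is None:
        return False
    lowered = [s.lower() for s in sources]
    has_nonce_or_hash = any(
        s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in lowered
    )
    for s in lowered:
        if s == "'unsafe-inline'" and has_nonce_or_hash:
            continue
        if s in PERMISSIVE_SOURCES:
            return False
    return True


def evaluate(header: str) -> Dict[str, bool]:
    """Report the four protections named in the abstract for one header."""
    policy = parse_csp(header)
    frame_ancestors = policy.get("frame-ancestors")
    form_action = policy.get("form-action")
    return {
        "xss_mitigation": script_protection(policy),
        "clickjacking": frame_ancestors is not None and "*" not in frame_ancestors,
        "https_migration": "upgrade-insecure-requests" in policy,
        "form_submission": form_action is not None and "*" not in form_action,
    }


if __name__ == "__main__":
    for label, header in (("weak", WEAK_CSP), ("hardened", HARDENED_CSP)):
        print(label, evaluate(header))
```

Running the script prints every protection as `False` for `WEAK_CSP` and `True` for `HARDENED_CSP`; pointing `evaluate()` at a real deployment's header is a quick way to see which of the talk's use cases a policy actually covers before relying on it.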