Fernandes de Oliveira, Isabella
Ren, Mengxia
2024-05-08
2024-05-08
https://hdl.handle.net/11124/179051
https://doi.org/10.25676/11124/179051

Content Security Policies (CSPs) are vital defenses against cross-site scripting (XSS) and unauthorized web resource manipulation. This study investigates CSP implementation across the top 100 websites listed in TRANCO, focusing on resilience to external manipulation. Our analysis reveals that over 50% of domains lack adequate protection against XSS attacks, despite having a CSP in place. Weaknesses include the misuse of the 'unsafe-inline' keyword and reliance on whitelist-based policies instead of nonce-based alternatives. These findings highlight the need for a comprehensive CSP approach that prioritizes script and web control. Strategies to enhance website security, such as stricter CSP configurations, are discussed, with emphasis on nonce-based strategies and comprehensive directive coverage.

posters
eng
Copyright of the original work is retained by the author.
Evaluating website security: a study on content security policy implementation
Text
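The abstract names the policy weaknesses the study looked for (an effective 'unsafe-inline', reliance on host whitelists rather than nonces, and missing directive coverage). The following checker is an added example, not code from the poster or its authors; it applies those checks to a raw Content-Security-Policy header value using the fallback and override rules browsers follow (script-src falls back to default-src, a repeated directive is ignored, and a nonce or hash makes 'unsafe-inline' inert). The two sample headers, WEAK_CSP and STRICT_CSP, are constructed for illustration and are not from the study's data set.

```python
"""Flag the CSP weaknesses discussed in the abstract in a raw header value.

Added example; the sample headers below are constructed, not taken from the study.
"""
import re

# CSP Level 2/3 source expressions that authorize individual scripts.
NONCE_RE = re.compile(r"^'nonce-[A-Za-z0-9+/_=-]+'$")
HASH_RE = re.compile(r"^'sha(256|384|512)-[A-Za-z0-9+/=]+'$")
# Scheme and wildcard sources that admit scripts from any matching host.
BROAD_SOURCES = {"*", "http:", "https:", "data:", "blob:", "filesystem:"}

# Constructed sample headers (not from the study's data set).
WEAK_CSP = "default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.example.com"
STRICT_CSP = ("script-src 'nonce-r4nd0mV4lu3' 'strict-dynamic' 'unsafe-inline' https:; "
              "object-src 'none'; base-uri 'none'")


def parse_csp(header: str) -> dict:
    """Split a header value into {directive: [source expressions]}.

    Browsers honour only the first occurrence of a directive, so later
    duplicates are dropped here as well.
    """
    policy = {}
    for chunk in header.split(";"):
        tokens = chunk.strip().split()
        if not tokens:
            continue
        name = tokens[0].lower()
        if name not in policy:
            policy[name] = tokens[1:]
    return policy


def effective_script_sources(policy: dict):
    """script-src falls back to default-src; None means scripts are unrestricted."""
    if "script-src" in policy:
        return policy["script-src"]
    return policy.get("default-src")


def assess_csp(header: str) -> dict:
    """Return the findings for the script-governing part of a policy."""
    policy = parse_csp(header)
    sources = effective_script_sources(policy)
    findings = []
    if sources is None:
        findings.append("no-script-policy")
        return {"blocks_unauthorized_inline": False, "findings": findings}

    has_nonce = any(NONCE_RE.match(s) for s in sources)
    has_hash = any(HASH_RE.match(s) for s in sources)
    per_script_auth = has_nonce or has_hash

    # A nonce or hash in the same directive makes 'unsafe-inline' inert (CSP2+).
    if "'unsafe-inline'" in sources and not per_script_auth:
        findings.append("unsafe-inline-effective")
    if "'unsafe-eval'" in sources:
        findings.append("unsafe-eval")

    # With 'strict-dynamic' plus a nonce/hash, host and scheme sources are ignored,
    # so a trailing https: fallback for old browsers is not a whitelist reliance.
    strict_dynamic = "'strict-dynamic'" in sources and per_script_auth
    if not strict_dynamic:
        if any(s in BROAD_SOURCES for s in sources):
            findings.append("broad-scheme-or-wildcard-source")
        hosts = [s for s in sources if not s.startswith("'") and s not in BROAD_SOURCES]
        if hosts and not per_script_auth:
            findings.append("allowlist-without-nonce")
    if "'strict-dynamic'" in sources and not per_script_auth:
        findings.append("strict-dynamic-without-nonce")

    # Directive coverage: object-src falls back to default-src, base-uri does not.
    if "object-src" not in policy and "default-src" not in policy:
        findings.append("missing-object-src")
    if "base-uri" not in policy:
        findings.append("missing-base-uri")

    return {
        "blocks_unauthorized_inline": "unsafe-inline-effective" not in findings,
        "findings": findings,
    }


if __name__ == "__main__":
    for label, header in (("weak", WEAK_CSP), ("strict", STRICT_CSP)):
        print(label, assess_csp(header))
```

The checker works on a single header value; a crawler-style evaluation like the one in the abstract would feed it the Content-Security-Policy (and Content-Security-Policy-Report-Only) values collected per domain and count domains whose findings include unsafe-inline-effective or allowlist-without-nonce.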