CSP is a valuable defence against XSS and other attacks on web applications. This talk provides an introduction to the technology, why it's needed, how it works and also provides some hints on overcoming a few of the challenges presented by using CSP in the real world.