Twitter improves security on mobile site using Firefox 4 features

Mozilla has made Firefox 4 available to download for Windows, Mac OS X and Linux. The new version includes security features such as 'do not track' and Content Security Policy (CSP).

On its engineering blog, Twitter says it has been testing the new CSP feature for the past few weeks. "This policy is a standard developed by Mozilla that aims to thwart cross-site scripting (XSS) attacks at their point of execution, the browser."

"Although activating CSP is easy, in order for it to work correctly you may need to modify your site. In our case it meant removing all inline JavaScript," Twitter advised.

"Allowing sites like Twitter to disable inline JavaScript and whitelist external assets is a huge step towards neutralizing XSS attacks," it continued in the blog post.
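As an added example (not code from the original article or from Twitter), a small Python evaluator for the kind of policy described above: it parses a Content-Security-Policy header and shows that a policy still carrying 'unsafe-inline' lets inline script run, while the hardened policy permits only whitelisted external hosts. The policies and domains are constructed for illustration.

```python
from urllib.parse import urlparse

# Constructed sample policies (not Twitter's actual headers): the weak one still
# permits inline <script>; the hardened one only whitelists external assets.
WEAK_POLICY = "default-src 'self'; script-src 'self' 'unsafe-inline' https://*.example-cdn.com"
HARDENED_POLICY = "default-src 'self'; script-src 'self' https://*.example-cdn.com"

def parse_csp(header):
    """Split a CSP header into {directive: [source expressions]}."""
    policy = {}
    for directive in header.split(";"):
        parts = directive.strip().split()
        if parts:
            policy[parts[0].lower()] = [p.lower() for p in parts[1:]]
    return policy

def script_sources(policy):
    """script-src governs scripts; it falls back to default-src when absent."""
    return policy.get("script-src", policy.get("default-src", []))

def allows_inline_script(policy):
    """Inline <script> blocks and injected event handlers run only if the policy
    grants 'unsafe-inline'. Removing it is what blocks reflected/stored XSS."""
    return "'unsafe-inline'" in script_sources(policy)

def _host_matches(pattern, host):
    """Match a CSP host expression: exact host, or '*.' wildcard for subdomains."""
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        return host.endswith(pattern[1:]) and host != pattern[2:]
    return pattern == host

def allows_script_from(policy, url, page_origin=None):
    """Would <script src=url> load? Only whitelisted origins (or 'self') may."""
    target = urlparse(url)
    for src in script_sources(policy):
        if src == "'self'" and page_origin is not None:
            page = urlparse(page_origin)
            if (page.scheme, page.netloc) == (target.scheme, target.netloc):
                return True
            continue
        if src.startswith("'"):
            continue  # other keywords ('none', 'unsafe-inline') never match a host
        scheme, sep, host = src.rpartition("://")
        if sep and scheme != target.scheme:
            continue  # a scheme-qualified source must match the URL's scheme
        if _host_matches(host, target.hostname or ""):
            return True
    return False
```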

Brandon Sterne from Twitter's security team said in a blog post: "We expect CSP to be used widely and adopted very quickly. Popular commercial websites like Twitter are already using it, and there are CSP plug-ins for many of the popular content management systems like WordPress, Django and Drupal. If this works out according to plan, the curtain will soon be coming down on a broad range of nasty web bugs."

Twitter hopes sites that depend on client-side code and user-generated content will be able to make use of the CSP standard in other browsers soon.

This story was first published by Computer Weekly