Methods, systems, and computer-readable storage media for inhibiting cross-site scripting (XSS) attacks, where actions include receiving a computer-readable document that provides a content security policy (CSP) for a website and an extension to the CSP, the CSP specifying allowed script checksums, each allowed script checksum being associated with a script that is allowed to be executed, the extension requiring comparison of script checksums before respective scripts can be executed, receiving script templates and a value list, calculating an expected script checksum for each script template to provide respective expected script checksums, comparing the expected script checksums to the allowed script checksums, and determining that at least one expected script checksum matches an allowed script checksum, and in response, executing a respective script that corresponds to the at least one expected script checksum.