diff --git a/src/network-services-pentesting/pentesting-web/electron-desktop-apps/README.md b/src/network-services-pentesting/pentesting-web/electron-desktop-apps/README.md index 5f4361c3f..306e483a6 100644 --- a/src/network-services-pentesting/pentesting-web/electron-desktop-apps/README.md +++ b/src/network-services-pentesting/pentesting-web/electron-desktop-apps/README.md @@ -396,6 +396,19 @@ This function whows the given file in a file manager, which **could automaticall For more information check [https://blog.doyensec.com/2021/02/16/electron-apis-misuse.html](https://blog.doyensec.com/2021/02/16/electron-apis-misuse.html) +## Content Security Policy + +Electron apps should have a **Content Security Policy (CSP)** to **prevent XSS attacks**. The **CSP** is a **security standard** that helps **prevent** the **execution** of **untrusted code** in the browser. + +It's usually **configured** in the **`main.js`** file or in the **`index.html`** template with the CSP inside a **meta tag**. + +For more information check: + +{{#ref}} +pentesting-web/content-security-policy-csp-bypass/ +{{#endref}} + + ## **Tools** - [**Electronegativity**](https://github.com/doyensec/electronegativity) is a tool to identify misconfigurations and security anti-patterns in Electron-based applications.
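Review bot: The new "Content Security Policy" section says the CSP is "configured in the `main.js` file or in the `index.html` template" but never says how, so a reader auditing an app does not learn what to look for; suggest naming the two documented Electron mechanisms, a `Content-Security-Policy` response header injected from the main process via `session.defaultSession.webRequest.onHeadersReceived`, or a `<meta http-equiv="Content-Security-Policy" content="...">` tag in the loaded HTML, and stating that the finding is a missing policy or one that allows `'unsafe-inline'` / `'unsafe-eval'`, since that is what makes the XSS mentioned in the first sentence exploitable. The `{{#ref}}` target `pentesting-web/content-security-policy-csp-bypass/` is written relative to the `src` root while this file lives under `src/network-services-pentesting/pentesting-web/electron-desktop-apps/`; please confirm the book builder resolves refs from the root, otherwise the link breaks. Minor: the hunk leaves two consecutive blank lines before `## **Tools**`, one is enough, and the context line still reads "This function whows the given file" (typo for "shows"), which could be fixed in the same PR.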