What is a Content Security Policy?

And why should you implement one on your website?

Alex Z
3 min read · Feb 1, 2021
source: https://www.rahulpnath.com/blog/http-content-security-policy-csp/

CSP is one of your first lines of defense against malicious actors on the internet. Fundamentally, a content security policy lets you specify which addresses your website is allowed to load scripts and other resources from. It looks something like this:

To set it you will either add the above line (configured to your liking) to the header section of every page on your website, or configure your server to do the same thing for you. Visit the MDN Docs example section if you want to jump the gun and just get going right away, or read on to learn more about the why and the details.

Using a Content Security Policy:

You assemble the attributes of the CSP in the following format:

content="{sourceType} {restrictionRule}; {sourceType} {restrictionRule}; {sourceType} {restrictionRule}; etc..."
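To see how a policy in this format is read, here is an added example (not code from the original article) that splits a policy string into its `{sourceType} {restrictionRule}` pairs and flags rules that weaken script restrictions. The function names `parseCsp` and `auditCsp`, the sample policies and the host `cdn.example.com` are assumptions made up for the illustration.

```javascript
// Added example: parse "{sourceType} {restrictionRule}; ..." and audit it.

// Split the policy into a Map of directive name -> list of source expressions.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;      // empty segment, e.g. a trailing ';'
    const name = tokens[0].toLowerCase();   // directive names are case-insensitive
    if (directives.has(name)) continue;     // a repeated directive is ignored
    directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Source expressions that largely defeat a restriction on scripts.
const WEAK_SCRIPT_SOURCES = ["'unsafe-inline'", "'unsafe-eval'", '*', 'data:'];

// Return a list of findings for a policy string (empty list = nothing flagged).
function auditCsp(policy) {
  const directives = parseCsp(policy);
  // script-src falls back to default-src when it is not set.
  const scriptKey = directives.has('script-src') ? 'script-src'
                  : directives.has('default-src') ? 'default-src' : null;
  if (scriptKey === null) {
    return ['no script-src or default-src: scripts are unrestricted'];
  }
  const findings = [];
  for (const source of directives.get(scriptKey)) {
    if (WEAK_SCRIPT_SOURCES.includes(source.toLowerCase())) {
      findings.push(`${scriptKey} allows ${source}`);
    }
  }
  return findings;
}

// Constructed sample policies (not taken from the article).
const strict = "default-src 'self'; script-src 'self' https://cdn.example.com; img-src *";
const loose = "default-src 'self' 'unsafe-inline'; IMG-SRC *; img-src 'none';";
console.log(auditCsp(strict)); // []
console.log(auditCsp(loose));  // [ "default-src allows 'unsafe-inline'" ]
```

In the `loose` sample the second `img-src` is dropped because the first one already set that directive, so the page still loads images from anywhere despite the `'none'` that follows.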

There are 5 sourceTypes in the CSP that you should be aware of. Each of them…
