Content Security Policy (CSP)

Hi there, I am Anil Verma. I am a passionate Full Stack Web Developer who is fascinated by complex engineering problems.
The Content-Security-Policy HTTP response header helps you reduce the risk of cross-site scripting (XSS), data injection attacks and clickjacking.
Modern browsers enforce the policy carried in this header to restrict where a page may load scripts, styles, images and other resources from, and (through the frame-ancestors directive) which sites may frame the page.
How to enable CSP: there are two ways to deliver a policy to the browser.
1. FROM SERVER WITH RESPONSE HEADER
2. SET AS META TAG

**FROM SERVER WITH RESPONSE HEADER**: configure your web server (or application framework) to return the Content-Security-Policy HTTP header on every HTML response. This is the preferred form, because every directive is supported and the policy is in place before the browser parses any of the page.

**SET AS META TAG**: <meta http-equiv="Content-Security-Policy" content="**CSP directives**">
**ex** - <meta http-equiv="Content-Security-Policy" content="default-src 'self'; img-src https://*;">
Place the meta tag as early as possible in <head>, since the policy only applies to resources loaded after the tag is parsed. The meta form does not support frame-ancestors, report-uri, report-to or sandbox, so clickjacking protection and violation reporting must come from the response header. Note also that keywords such as 'self' must be wrapped in plain ASCII single quotes; curly quotes copied from a formatted document produce an invalid source expression that the browser ignores.
CSP Directive Reference
- default-src: defines the default policy for fetching resources such as JavaScript, images, CSS, fonts, AJAX requests, frames and HTML5 media. It is used whenever a more specific fetch directive is absent. Allow everything, but only from the same origin: default-src 'self';
- script-src: only allow scripts from the same origin: script-src 'self';
- style-src: only allow styles from the same origin: style-src 'self';
- img-src: only allow images from the same origin: img-src 'self';
There are many more directives (for example connect-src, font-src, frame-src, object-src and frame-ancestors), which you can look up in the full CSP directive reference. Keep in mind that frame-ancestors, form-action and base-uri do not fall back to default-src and have to be set explicitly.
Allow content from a trusted domain: Content-Security-Policy: default-src 'self' domainName *.domainName
(*.domainName matches subdomains only, not domainName itself, which is why both are listed.)
Load content only over TLS: Content-Security-Policy: default-src https://domainName
(A scheme in the source expression restricts the scheme as well as the host; https://* allows any host, but only over HTTPS.)
Allow HTML in emails and images from anywhere, but not other potentially dangerous content.
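The following is an added example, not code from the original post. It shows, in dependency-free Node.js, the two things the sections above describe: setting the Content-Security-Policy header from the server (the applyCsp helper, which works on an http.ServerResponse or anything with setHeader), and how a browser resolves a policy, including the default-src fallback and the wildcard and scheme rules from the trusted-domain and TLS examples. The hostnames (example.com, cdn.example.net, evil.test) are made up, and the matcher is deliberately simplified: it ignores paths and only compares a port when the source expression names one.

```javascript
// Added example (not from the original post): build, parse and evaluate a
// Content-Security-Policy value in plain Node.js with no dependencies.
// Hostnames such as example.com and cdn.example.net are made up.

// Keywords must be single-quoted in the header; bare hosts and schemes are not.
const KEYWORDS = new Set(['self', 'none', 'unsafe-inline', 'unsafe-eval', 'strict-dynamic']);

// Fetch directives that fall back to default-src when not set explicitly.
// frame-ancestors, form-action, base-uri, sandbox and report-uri do NOT fall
// back, so "default-src 'self'" alone does nothing against clickjacking.
const FALLS_BACK_TO_DEFAULT = new Set([
  'script-src', 'style-src', 'img-src', 'font-src', 'connect-src', 'media-src',
  'object-src', 'frame-src', 'child-src', 'worker-src', 'manifest-src',
]);

// Serialize { 'default-src': ['self'], 'img-src': ['https://*'] } into a header value.
function buildCsp(directives) {
  return Object.entries(directives)
    .map(([name, sources]) =>
      `${name} ${sources.map((s) => (KEYWORDS.has(s) ? `'${s}'` : s)).join(' ')}`)
    .join('; ');
}

// Set the header on a Node.js http.ServerResponse (any object with setHeader works).
function applyCsp(res, directives) {
  const value = buildCsp(directives);
  res.setHeader('Content-Security-Policy', value);
  return value;
}

// Parse "default-src 'self'; img-src https://*" into { 'default-src': ["'self'"], ... }.
// Browsers ignore a repeated directive, so the first occurrence wins here too.
function parseCsp(value) {
  const policy = {};
  for (const part of value.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    if (name && !(name.toLowerCase() in policy)) policy[name.toLowerCase()] = sources;
  }
  return policy;
}

// Source list governing a directive after the default-src fallback;
// null means this policy does not restrict the fetch at all.
function effectiveSources(policy, directive) {
  if (policy[directive]) return policy[directive];
  if (FALLS_BACK_TO_DEFAULT.has(directive) && policy['default-src']) return policy['default-src'];
  return null;
}

// "*.example.com" matches subdomains only, never example.com itself.
function hostMatches(pattern, host) {
  if (pattern === '*') return true;
  if (pattern.startsWith('*.')) return host.endsWith(pattern.slice(1));
  return pattern === host;
}

// Would a page at pageOrigin be allowed to load url under the given directive?
// Simplified: paths are ignored, ports compared only when the source names one.
function allows(policy, directive, url, pageOrigin) {
  const sources = effectiveSources(policy, directive);
  if (sources === null) return true;
  if (sources.includes("'none'")) return false;
  const target = new URL(url);
  const page = new URL(pageOrigin);
  for (const src of sources) {
    if (src === "'self'") {
      if (target.origin === page.origin) return true;
      continue;
    }
    if (src.startsWith("'")) continue;            // other keywords do not name a host
    if (src === '*') return true;
    if (/^[a-z][a-z0-9+.-]*:$/i.test(src)) {      // scheme-source such as "https:"
      if (target.protocol === src.toLowerCase()) return true;
      continue;
    }
    // host-source: [scheme://]host[:port]
    const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)(?::(\d+|\*))?/i.exec(src);
    if (!m) continue;
    const [, scheme, hostPattern, port] = m;
    if (scheme) {
      if (target.protocol !== `${scheme.toLowerCase()}:`) continue;
    } else if (target.protocol !== page.protocol &&
               !(page.protocol === 'http:' && target.protocol === 'https:')) {
      continue;                                    // scheme-less host inherits the page scheme
    }
    if (port && port !== '*' && port !== target.port) continue;
    if (hostMatches(hostPattern.toLowerCase(), target.hostname)) return true;
  }
  return false;
}
```

In an http.createServer handler you would call applyCsp(res, { 'default-src': ['self'], 'frame-ancestors': ['none'] }) before writing the body. Running allows() against a policy of only default-src 'self' shows that frame-ancestors is left unrestricted, which is the practical reason the header form, not the meta tag, is needed for clickjacking defence.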
Happy Learning!

