What is a Content Security Policy?

And why should you implement one on your website?

source: https://www.rahulpnath.com/blog/http-content-security-policy-csp/

Using a Content Security Policy:

content="{sourceType} {restrictionRule}; {sourceType} {restrictionRule}; {sourceType} {restrictionRule}; etc..."
content="default-src 'self'; style-src 'self'; img-src *; media-src media1.com media2.com; script-src userscripts.example.com;"

How to set restriction rules for each content type:

What about Google Analytics?

script-src https://www.google-analytics.com https://ssl.google-analytics.com
img-src https://www.google-analytics.com
connect-src https://www.google-analytics.com
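
An added example, not code from the original article: merging the Google Analytics sources above into the example policy shown earlier. The article's policy has no connect-src, so that fetch type currently falls back to default-src 'self'; the helper names (parseCsp, serializeCsp, addSources) are hypothetical, and the additions are assumed to be fetch directives.

```javascript
// Added example (not from the original article).
// Parse "name src src; name src" into an ordered Map of directive -> sources.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Browsers ignore a repeated directive: the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

function serializeCsp(directives) {
  return [...directives].map(([n, s]) => [n, ...s].join(' ')).join('; ');
}

// Merge extra sources into a policy (assumes additions are fetch directives).
function addSources(policy, additions) {
  const directives = parseCsp(policy);
  for (const [name, extra] of Object.entries(additions)) {
    let current = directives.get(name);
    if (current === undefined) {
      const fallback = directives.get('default-src');
      // No default-src: this fetch type is unrestricted; adding would narrow it.
      if (fallback === undefined) continue;
      // A new directive replaces the default-src fallback, so start from it.
      current = [...fallback];
    }
    // 'none' must stand alone; drop it once real sources are listed.
    current = current.filter((s) => s !== "'none'");
    for (const src of extra) {
      // '*' already covers any https host, so nothing to add.
      if (!current.includes('*') && !current.includes(src)) current.push(src);
    }
    directives.set(name, current);
  }
  return serializeCsp(directives);
}

// The article's example policy and its Google Analytics sources.
const PAGE_POLICY = "default-src 'self'; style-src 'self'; img-src *; " +
  "media-src media1.com media2.com; script-src userscripts.example.com;";
const GA_SOURCES = {
  'script-src': ['https://www.google-analytics.com', 'https://ssl.google-analytics.com'],
  'img-src': ['https://www.google-analytics.com'],
  'connect-src': ['https://www.google-analytics.com'],
};
console.log(addSources(PAGE_POLICY, GA_SOURCES));
```

The merged policy keeps 'self' in the new connect-src, which a hand-written "connect-src https://www.google-analytics.com" would have dropped for the site's own XHR and fetch calls.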

Why Content security policy?

XSS (Cross Site Scripting)

Packet Sniffing

Product Manager + Software Developer. Interested in Travel, Culture, and the Internet.
