Content Security Policy ( CSP )

Content Security Policy (CSP) is an extra level of security that assists with locating and repelling specific intrusion types such as Cross-Site Scripting (XSS) and data injection. Data thieves utilize these for stealing information, vandalizing websites, and spreading malicious software.

CSP allows backward compatibility (although CSP version 2 has particular limitations). Browsers that don’t accommodate it still function with servers that do employ it, and the reverse is also true: browsers that do not accommodate CSP will pay no attention to it, normally, falling back on the typical same-origin policy for web content. If the site will not permit the CSP header, browsers will use the basic same-origin policy.

You can initiate CSP by having your webserver send the Content-Security-Policy HTTP header. (There could be times when you see references to the X-Content-Security-Policy header, but this is an obsolete version that no longer applies.)

You could also use <meta>for setting up a policy, for instance:

<meta http-equiv="Content-Security-Policy"      content="default-src 'self'; img-src https://*; child-src 'none';">

Please note that technologies described on Wiki pages are not necessary the part of Plesk control panel or its extensions.

Related Posts

Knowledge Base