
Content Security Policy (CSP)

The Content Security Policy (CSP) enables website administrators to control what types of files and other resources a site visitor's browser can load for a given page. By prohibiting the browser from loading content from untrusted domains, a CSP protects visitors against cross-site scripting (XSS) attacks that cause theft of sensitive information or other problems for the site visitor.

To be effective, a CSP’s directives should be as specific as possible about what content or source domains are allowed. If the directives are too general, threat actors can work around them and inject malicious scripts into seemingly acceptable content.

source

Some Hugo themes use inline CSS. The policy therefore has to be relaxed to allow inline CSS: style-src 'self' 'unsafe-inline'.

content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline';
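To check how far this relaxation reaches, the following added example (not part of the original page or of any Hugo theme) parses a CSP header value, resolves the fallback to default-src for a subset of fetch directives, and reports sources that are too general. The list of sources treated as too general and the function names are assumptions of this example.

```javascript
// Added example: audit a CSP header value for overly general sources.
// Which sources count as "too general" is this example's own choice.
const BROAD = new Set(["*", "'unsafe-inline'", "'unsafe-eval'", "data:", "http:", "https:"]);
// Subset of fetch directives that fall back directly to default-src when absent.
const FETCH = ["script-src", "style-src", "img-src", "font-src",
               "connect-src", "object-src", "media-src"];

function parseCsp(value) {
  const policy = new Map();
  for (const part of value.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;          // empty segment after a trailing ';'
    const name = tokens[0].toLowerCase();       // directive names are case-insensitive
    // A repeated directive is ignored by browsers; the first occurrence wins.
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

function effectiveSources(policy, directive) {
  if (policy.has(directive)) return policy.get(directive);
  return policy.get("default-src") ?? null;     // null: nothing restricts this type
}

function auditCsp(value) {
  const policy = parseCsp(value);
  const findings = [];
  for (const directive of FETCH) {
    const sources = effectiveSources(policy, directive);
    if (sources === null) {
      findings.push({ directive, issue: "unrestricted (no default-src)" });
      continue;
    }
    for (const s of sources) {
      if (BROAD.has(s.toLowerCase())) findings.push({ directive, issue: `allows ${s}` });
    }
  }
  return findings;
}

// The policy from this page: only style-src is loosened, scripts stay on 'self'.
const pagePolicy = "default-src 'self'; style-src 'self' 'unsafe-inline';";
console.log(auditCsp(pagePolicy));
console.log(effectiveSources(parseCsp(pagePolicy), "script-src"));
```

For the page's policy the only finding is on style-src; script-src still inherits 'self' from default-src, so inline scripts remain blocked.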