CSP

Content Security Policy (CSP) Configuration Guide

CSP prevents XSS and data injection attacks.

CSP prevents XSS.

## Basic CSP
default-src 'self';

## Allow Scripts
script-src 'self' https://cdn.example.com;

## Report-Only Mode
Content-Security-Policy-Report-Only: default-src 'self'; report-uri /csp-report;

## Testing
Start with Report-Only before enforcing.

Was this article helpful?