CSP
Content Security Policy (CSP) Configuration Guide
CSP prevents XSS and data injection attacks.
CSP prevents XSS.
## Basic CSP
default-src 'self';
## Allow Scripts
script-src 'self' https://cdn.example.com;
## Report-Only Mode
Content-Security-Policy-Report-Only: default-src 'self'; report-uri /csp-report;
## Testing
Start with Report-Only before enforcing.
## Basic CSP
default-src 'self';
## Allow Scripts
script-src 'self' https://cdn.example.com;
## Report-Only Mode
Content-Security-Policy-Report-Only: default-src 'self'; report-uri /csp-report;
## Testing
Start with Report-Only before enforcing.