Content Security Policy Directive

I am checking my site (https://rokuvsfirestick.com) on https://sitecheck.sucuri.net/ and it is showing this issue: “Missing Content-Security-Policy directive. We recommend to add the following CSP directives (you can use default-src if all values are the same): script-src, object-src, base-uri, frame-src”.

I just want to know how this issue will be solved in Cloudflare. I am using a Cloudflare free account.

Hi @rokuvsfirestick,

This is a header that needs to be added; it is usually done on the server side, and there is not a built-in way to achieve this with Cloudflare. You could use Cloudflare Workers for this, but you may need to upgrade, depending on the number of requests you get.

More info on the Workers option from @ScottHelme here:
https://scotthelme.co.uk/security-headers-cloudflare-worker/

Well… I add them to my sites, but they don’t need to be there. As the Sucuri message says: “recommend”. script-src and style-src always bite me due to inline scripts/styles. Using 'unsafe-inline' ends up being my workaround most of the time. :slightly_frowning_face:

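The Workers option and the inline-script problem discussed above, as an added example that is not part of the thread or of the linked article: a Worker (service-worker syntax) that adds the four directives named in the Sucuri message to HTML responses. The policy values and the names `POLICY`, `buildCsp`, `applyCsp` and `handle` are assumptions; it starts in report-only mode so inline scripts show up as browser console violations instead of breaking pages.

```javascript
// Added example. Policy values are assumptions; tune them per site.
const POLICY = {
  'script-src': ["'self'"],
  'object-src': ["'none'"],
  'base-uri': ["'self'"],
  'frame-src': ["'self'"],
};

// Serialize {directive: [sources]} into a CSP header value.
function buildCsp(policy) {
  return Object.entries(policy)
    .map(([directive, sources]) => [directive, ...sources].join(' '))
    .join('; ');
}

// Works on any object with get/set (Headers in a Worker, Map in a test).
// reportOnly=true sets Content-Security-Policy-Report-Only: the browser
// logs violations (e.g. inline scripts) but blocks nothing.
function applyCsp(headers, policy, reportOnly) {
  const type = headers.get('content-type') || '';
  if (!type.toLowerCase().startsWith('text/html')) return false; // documents only
  if (headers.get('content-security-policy')) return false; // keep the origin's policy
  const name = reportOnly
    ? 'content-security-policy-report-only'
    : 'content-security-policy';
  headers.set(name, buildCsp(policy));
  return true;
}

async function handle(request) {
  const upstream = await fetch(request);
  // Copy the response so its headers become mutable.
  const response = new Response(upstream.body, upstream);
  applyCsp(response.headers, POLICY, true); // switch to false once the console is clean
  return response;
}

// The guard lets this file load outside the Workers runtime.
if (typeof addEventListener === 'function') {
  addEventListener('fetch', (event) => event.respondWith(handle(event.request)));
}
```

Once the report-only header produces no violations for the site's own pages, passing `false` enforces the same policy without needing 'unsafe-inline' in script-src.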

Of course, I meant in order to achieve the security recommended by the scan. They are worth doing, but not a requirement.


Thanks, Domjh
