CSP Content Security Policy


I need Help i Font Know how to make the CSP Content Security Policy working.

I did some with the Transform Rules but Google Insights says it is Not strong enough

That s Missing



I have try with worker but after this my Site didnt Show good anymore.

Please can you Help me

A step step Guide would bei cool

Thank you to everyone

If you don’t have local scripts running use script-src 'none';

If you do have local scripts running use script-src 'self' if they are in separate files. If they are inline scripts, use a nonce e.g.

<script nonce="1fe61dae67c6">
 console.log("Using a nonce")

and add 'nonce-1fe61dae67c6' to the script-src in the CSP header.

If you are wanting to allow scripts from other sites you can add the site as example.com, e.g. script-src example.com

And you can combine this together

script-src 'self' 'nonce-1fe61dae67c6' example.com;

Similar principles apply for other policy directives.

Check out MDN for (a lot) more information

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.