Questions tagged [content-security-policy]

This tag is for the Content-Security-Policy HTTP header. For policies in companies, use [corporate-policy].

0 votes
1 answer
40 views

I have recently added CSP headers to a rather complex web application, being -report-only at first. I got some noise from browser extensions in the report, but two incidents caught my eye especially: ...
cis (reputation 417)
0 votes
2 answers
97 views

I just ran into a weird situation with Burp Suite Professional. They unfortunately discontinued their forum, so I'm asking here. It starts with the following Content-Security Policy (CSP): Content-...
John Nemo (reputation 110)
1 vote
0 answers
136 views

I'm experimenting with Direct Sockets TCPServerSocket, TCPSocket, and UDPSocket in an Isolated Web App (IWA) on Chromium browser. The maintainers are trying to uphold the claim that a window can ...
guest271314
0 votes
1 answer
107 views

I'm currently on the development team for a Shopware webshop with approximately 650.000 users. The client requested the installation of the following two plugins: CMS HTML Code Block and Custom ...
O'Niel (reputation 3,540)
4 votes
1 answer
861 views

This question is specific to Clickjacking attacks and Content Security Policy. When the server sends a static resource, such as .gif, .woff, .js file, which is not an .html, what is the security ...
postoronnim
0 votes
1 answer
760 views

I am trying to implement a CSP policy for our Angular 18 application based on Angular's CSP recommendation and I have found that their recommendation does not make sense to me. Specifically their use ...
java-addict301
0 votes
1 answer
377 views

Before I start, I have found a few related references to this question, but they are not answered previously or are about a slightly different scenario to mine. I have the following need. I need a way ...
Zurf (reputation 115)
3 votes
1 answer
435 views

I host two public sites with WordPress, using different themes (but official ones, named "twenty-something") on an Apache server (Debian Bookworm), and I'm updating my CSP. If I enable ...
MoonSweep (reputation 133)
3 votes
1 answer
2k views

I am currently implementing a feature that allows users to upload documents (mainly pdfs) and view them in the browser without storing them on a server. The application generates a blob URL from the ...
Hiba Al Dalaty
1 vote
0 answers
119 views

I keep getting Content Security Policy reports saying that https://googleads.g.doubleclick.net:443/pagead/viewthroughconversion/[redacted]/?random=... has been blocked by the img-src [...
Notts90 (reputation 111)
1 vote
1 answer
417 views

I recently added some inline SVG images to my website, and the browsers complained about the style attributes within the SVG code not being covered by my strict CSP (style-src: self). Instead of ...
janeden (reputation 135)
1 vote
1 answer
188 views

I would like to set up some basic monitoring of outgoing traffic for a number of web applications and APIs running in AWS, e.g. ensure specific HTTP headers are in place (Content-Security-Policy and ...
Andreas F (reputation 141)
1 vote
1 answer
632 views

I need to set up a CSP header containing report-uri and report-to simultaneously because many site clients are using old Firefox and Chrome versions. How do I set up both of these attributes in CSP? UPD. Also I ...
Andrew Andrew
4 votes
1 answer
433 views

I know that basically every modern browser version has a cross-site-scripting blocker for XSSed URLs, as in the type of filter that actually stops a user from visiting the URL, warning them of the ...
security_paranoid
6 votes
1 answer
975 views

For various reasons, I need to shrink my CSP header a bit without degrading its effectiveness. I'm able to save some bytes by wildcarding some subdomains, but I'm also tempted to strip out all ...
Tom Wright