Content Security Policy ( CSP )

Content Security Policy (CSP) is an extra level of security that assists with locating and repelling specific intrusion types such as Cross-Site Scripting (XSS) and data injection. Data thieves utilize these for stealing information, vandalizing websites, and spreading malicious software.

CSP allows backward compatibility (although CSP version 2 has particular limitations). Browsers that don’t accommodate it still function with servers that do employ it, and the reverse is also true: browsers that do not accommodate CSP will pay no attention to it, normally, falling back on the typical same-origin policy for web content. If the site will not permit the CSP header, browsers will use the basic same-origin policy.

You can initiate CSP by having your webserver send the Content-Security-Policy HTTP header. (There could be times when you see references to the X-Content-Security-Policy header, but this is an obsolete version that no longer applies.)

You could also use <meta>for setting up a policy, for instance:

<meta http-equiv="Content-Security-Policy"      content="default-src 'self'; img-src https://*; child-src 'none';">

Please note that technologies described on Wiki pages are not necessary the part of Plesk control panel or its extensions.

Search
Generic filters
Exact matches only
Search in title
Search in content
Search in excerpt