Content Security Policy (CSP)

Content Security Policy (CSP) is an added layer of security that helps detect and mitigate certain types of attack, such as Cross-Site Scripting (XSS) and data injection. Attackers use these for stealing information, defacing websites, and spreading malicious software.

CSP is designed to be backward compatible (although CSP version 2 has particular limitations). Browsers that don't support it still work with servers that implement it, and vice versa: a browser that does not support CSP simply ignores it and falls back on the standard same-origin policy for web content. If the site does not send the CSP header, browsers likewise use the standard same-origin policy.

You enable CSP by configuring your web server to send the Content-Security-Policy HTTP header. (You may sometimes see references to the X-Content-Security-Policy header, but this is an obsolete version that no longer applies.)

You could also use the <meta> element to set a policy, for instance:

<meta http-equiv="Content-Security-Policy" content="default-src 'self'; img-src https://*; child-src 'none';">
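To see what the policy in the <meta> example above restricts, the following added example (not Plesk code) parses a policy string and resolves which source list applies to a given directive, including the fallback to default-src. The function names and the fallback table are chosen for this illustration. It also lists the directives that browsers ignore when a policy arrives through <meta> rather than the HTTP header.

```javascript
// Added example. Helper names (parseCsp, effectiveSources, ignoredInMeta) are illustrative.
const PAGE_POLICY = "default-src 'self'; img-src https://*; child-src 'none';";

// Fetch directives that fall back to default-src when they are not set.
const FETCH = ['script-src', 'style-src', 'img-src', 'font-src', 'connect-src',
  'media-src', 'object-src', 'child-src', 'manifest-src'];
// Directives with a longer fallback chain (CSP Level 3).
const FALLBACK = {
  'frame-src': ['child-src', 'default-src'],
  'script-src-elem': ['script-src', 'default-src'],
  'style-src-elem': ['style-src', 'default-src'],
};
// Directives a browser ignores when the policy is delivered via <meta>.
const META_IGNORED = ['frame-ancestors', 'report-uri', 'sandbox'];

// Split a policy string into a Map of directive name -> source list.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;          // empty segment, e.g. trailing ';'
    const name = tokens[0].toLowerCase();       // directive names are case-insensitive
    if (!directives.has(name)) directives.set(name, tokens.slice(1)); // first one wins
  }
  return directives;
}

// Return the source list that governs `name`, or null if the policy does not restrict it.
function effectiveSources(directives, name) {
  const fallback = FALLBACK[name] || (FETCH.includes(name) ? ['default-src'] : []);
  for (const candidate of [name, ...fallback]) {
    if (directives.has(candidate)) return directives.get(candidate);
  }
  return null;
}

// List the directives in this policy that only take effect in the HTTP header.
function ignoredInMeta(directives) {
  return META_IGNORED.filter((d) => directives.has(d));
}

const parsed = parseCsp(PAGE_POLICY);
for (const d of ['script-src', 'img-src', 'frame-src', 'base-uri']) {
  console.log(d, '->', effectiveSources(parsed, d));
}
console.log('ignored in <meta>:', ignoredInMeta(parsed));
```

A policy that relies on frame-ancestors, report-uri or sandbox has to be sent as the Content-Security-Policy HTTP header, because those directives have no effect in <meta>.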

Please note that technologies described on Wiki pages are not necessarily part of the Plesk control panel or its extensions.
