Deploy a Content Security Policy: The Basics
What is a content security policy all about? Well, it’s a layer of security that acts as an “allowlist” when a user interacts with your website and web applications. For example, when a user visits your website the request is sent to the web server, and the server responds with all the assets that should be loaded on that page. During this process, the browser executes scripts on the client side, both first- and third-party, and loads images and other assets. There is risk here in the form of cross-site scripting (XSS) attacks, JavaScript injection attacks, formjacking, and data skimming attacks. In addition, poorly placed tracking code, while not malicious, may also be sending highly sensitive information to the wrong people. This is where a CSP comes in handy: the browser only loads or runs what the policy allows, and refuses everything else.