The HTTP Content-Security-Policy response header allows web site administrators to control resources the user agent is allowed to load for a given page. With a few exceptions, policies mostly involve specifying server origins and script endpoints. This helps guard against cross-site scripting attacks (XSS).
The syntax is as follows:
Content-Security-Policy: <policy-directive>; <policy-directive>
The directives are described below.
Fetch directives control locations from which certain resource types may be loaded.
child-src: Defines the valid sources for web workers and nested browsing contexts loaded using elements such as <frame> and <iframe>.
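As an added example (not from the original page), the following Node.js code parses a policy string and reports which directive governs frames and workers. It goes slightly beyond the text by applying the CSP fallback from child-src to default-src; the function names and sample policies are constructed for illustration.

```javascript
// Added example: parse a Content-Security-Policy value and resolve which
// source list governs frames and workers. All sample policies are constructed.

// Split a policy into a Map of directive name -> array of source expressions.
// Directive names are case-insensitive, and a repeated directive is ignored
// (the first occurrence wins).
function parseCsp(headerValue) {
  const directives = new Map();
  for (const part of headerValue.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;        // empty segment, e.g. trailing ';'
    const name = tokens[0].toLowerCase();
    if (directives.has(name)) continue;       // duplicate directive: ignored
    directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Return the directive that effectively controls child-src content:
// child-src itself if present, otherwise default-src, otherwise null
// (null means the policy places no restriction on frames and workers).
function effectiveChildSrc(headerValue) {
  const d = parseCsp(headerValue);
  for (const name of ['child-src', 'default-src']) {
    if (d.has(name)) return { directive: name, sources: d.get(name) };
  }
  return null;
}

// Flag policies where frames/workers are unrestricted or allow any origin.
function auditChildSrc(headerValue) {
  const eff = effectiveChildSrc(headerValue);
  if (eff === null) return 'unrestricted: no child-src or default-src';
  if (eff.sources.includes('*')) return `too broad: ${eff.directive} allows *`;
  return `ok: ${eff.directive} ${eff.sources.join(' ')}`;
}

// Constructed sample policies
const samples = [
  "default-src 'self'; child-src https://widgets.example",
  "default-src 'self'; script-src 'self' https://cdn.example;",
  "script-src 'self'",
  "CHILD-SRC *; child-src 'none'",
];
for (const s of samples) console.log(auditChildSrc(s), '<=', s);
```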