
Content Security Policy

Last updated on March 14, 2024

What is Content Security Policy?

Content Security Policy (CSP) is a browser-enforced mechanism that a website uses to reduce the impact of content-injection attacks such as cross-site scripting (XSS). The site declares a policy stating which sources each type of content (scripts, styles, images, fonts, XHR/fetch targets and so on) may be loaded from, and the browser refuses to load or execute anything outside that policy. The policy can restrict external resources to trusted origins and can control whether inline scripts, styles and event handlers are allowed to run at all.

Implementation

CSP is delivered as the Content-Security-Policy HTTP response header (or, with limitations, a <meta> tag) whose value is a semicolon-separated list of directives. Each directive names a content type and the sources the browser may load it from; a directive that is not present falls back to default-src.

To use CookieYes with CSP, allow "*.cookieyes.com" and "cdn-cookieyes.com" as authorised domains/sub-domains under the directives below.

default-src 'none'
script-src 'self' cdn-cookieyes.com
style-src 'self' 'unsafe-inline'
connect-src 'self' *.cookieyes.com cdn-cookieyes.com
img-src 'self' cdn-cookieyes.com
font-src 'self'
object-src 'none'

The policy above is an example: your organisation's requirements may differ, and any directives or sources your site already relies on should be merged with it rather than replaced by it.

If you cannot set response headers, the same directives can be delivered in a <meta> tag in the document <head>, placed before any script it is meant to govern, as in the following example. Note that the meta form is more limited than the header: frame-ancestors, report-uri and sandbox are ignored when delivered via <meta>, so prefer the header where you can.

<meta
  http-equiv="Content-Security-Policy"
  content="default-src 'none'; script-src 'self' cdn-cookieyes.com; style-src 'self' 'unsafe-inline'; connect-src 'self' *.cookieyes.com cdn-cookieyes.com; img-src 'self' cdn-cookieyes.com; object-src 'none'; font-src 'self';"
/>

To assess the effectiveness and correctness of your policy, paste the header value into Google's CSP Evaluator, which reports weaknesses against known CSP bypass patterns and suggests improvements based on current best practice. Before enforcing a new or changed policy, deploy it as Content-Security-Policy-Report-Only first and check the browser console (or your reporting endpoint) for violations you did not expect.
