Content Security Policy (CSP) is an HTTP header that instructs the browser to limit the loading of external assets, such as scripts, styles or media, to specific sources.
It helps prevent wide categories of attacks, such as cross-site scripting (XSS), click-jacking and other code injection.
Enabling Content Security Policy in your app is straightforward with Sqreen.
The internal and external content your application loads is suggested in your Sqreen dashboard. All you need to do is choose which assets you authorize and which you reject in your policy. The suggestions are automatically updated in your dashboard when your code is modified.
Once your policy is defined, you can save it on the dashboard. Your application automatically updates its HTTP header to apply the new policy.
You automatically receive a notification when new internal or external content is added to your code, so you can decide whether to authorize it.
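
How a set of authorize/reject decisions becomes a header value, as an added example that is not Sqreen's code or API: the function names, asset types and sample URLs are assumptions constructed for illustration. `blockedByPolicy` shows why newly added content needs a decision, since anything the policy does not list is refused by the browser.

```javascript
// Added example with hypothetical names; not Sqreen's API. Sample data is constructed.
const APP = "https://app.example";
const DIRECTIVE_FOR = { script: "script-src", style: "style-src", image: "img-src", font: "font-src" };
const REVIEWED = [
  { url: "/static/app.js", type: "script", decision: "authorize" },
  { url: "https://cdn.example/lib.js", type: "script", decision: "authorize" },
  { url: "https://ads.example/track.js", type: "script", decision: "reject" },
  { url: "/static/site.css", type: "style", decision: "authorize" },
  { url: "https://img.example/logo.png", type: "image", decision: "reject" },
];

// Reduce an asset URL to a CSP source expression: same-origin becomes 'self'.
function toSource(assetUrl, appOrigin) {
  const origin = new URL(assetUrl, appOrigin).origin;
  return origin === appOrigin ? "'self'" : origin;
}

// Build the header value. Only authorized sources are listed; everything else
// falls under default-src 'none'. frame-ancestors covers the click-jacking case.
function buildPolicy(assets, appOrigin) {
  const byDirective = new Map();
  for (const { url, type, decision } of assets) {
    const directive = DIRECTIVE_FOR[type];
    if (!directive) throw new Error(`unknown asset type: ${type}`);
    if (!byDirective.has(directive)) byDirective.set(directive, new Set());
    if (decision === "authorize") byDirective.get(directive).add(toSource(url, appOrigin));
  }
  const parts = ["default-src 'none'"];
  for (const name of [...byDirective.keys()].sort()) {
    const sources = [...byDirective.get(name)].sort();
    parts.push(`${name} ${sources.length ? sources.join(" ") : "'none'"}`);
  }
  return [...parts, "frame-ancestors 'self'"].join("; ");
}

// Assets the browser would refuse under `policy`: rejected ones and not-yet-authorized new ones.
function blockedByPolicy(observed, policy, appOrigin) {
  const allowed = new Map(policy.split("; ").map((d) => {
    const [name, ...sources] = d.split(" ");
    return [name, new Set(sources)];
  }));
  return observed.filter(({ url, type }) => {
    const set = allowed.get(DIRECTIVE_FOR[type]) ?? allowed.get("default-src");
    return !set.has(toSource(url, appOrigin));
  });
}

const POLICY = buildPolicy(REVIEWED, APP);
console.log("Content-Security-Policy:", POLICY);
```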