Content Security Policy (CSP) is an HTTP header that allows site operators fine-grained control over where resources on their site can be loaded from. The use of this header is the best method to prevent cross-site scripting (XSS) vulnerabilities.
To implement this we will need to make the header value editable by the site admin, as some sites may need to be more relaxed than others.
A good tool for working out what is needed is https://report-uri.com/home/generate
There are 'report' options that allow an admin to get information on what is violating the policy, to help fine-tune which settings are needed.
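As an added illustration (not code from the original post or the project), the following sketches how an admin-editable policy could be serialised into the header, how the report-only variant supports tuning, and how a browser-sent violation report can be summarised for the admin. The policy layout, the `/csp-report` endpoint path and the sample report are assumptions.

```python
import json

# Constructed default policy for an admin-editable setting (assumption: the
# project stores it as a mapping of directive -> list of source expressions).
DEFAULT_POLICY = {
    "default-src": ["'self'"],
    "script-src": ["'self'"],
    "object-src": ["'none'"],
    "report-uri": ["/csp-report"],  # assumed endpoint that collects reports
}

def build_csp_header(policy, report_only=False):
    """Serialise an admin-supplied policy into a (header name, value) pair.

    report_only=True emits Content-Security-Policy-Report-Only, which logs
    violations without blocking, so the admin can tune the policy first."""
    parts = []
    for directive, sources in policy.items():
        # Reject anything that could smuggle extra directives into the header.
        if not directive.islower() or " " in directive:
            raise ValueError(f"bad directive name: {directive!r}")
        for src in sources:
            if ";" in src or "," in src:
                raise ValueError(f"bad source {src!r} in {directive}")
        parts.append(f"{directive} {' '.join(sources)}".rstrip())
    name = "Content-Security-Policy-Report-Only" if report_only else "Content-Security-Policy"
    return name, "; ".join(parts)

def summarise_violation(report_json):
    """Extract the fields an admin needs from a browser-posted violation report."""
    body = json.loads(report_json).get("csp-report", {})
    return {
        "directive": body.get("effective-directive") or body.get("violated-directive"),
        "blocked": body.get("blocked-uri"),
        "page": body.get("document-uri"),
    }

# Constructed sample report in the JSON shape a browser posts to report-uri.
SAMPLE_REPORT = json.dumps({"csp-report": {
    "document-uri": "https://example.test/page",
    "violated-directive": "script-src 'self'",
    "effective-directive": "script-src",
    "blocked-uri": "https://cdn.example.test/widget.js",
}})

if __name__ == "__main__":
    print(build_csp_header(DEFAULT_POLICY))
    print(summarise_violation(SAMPLE_REPORT))
```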