How to set csp (content-security-policy) in .htaccess?

by raphael_tillman , in category: Third Party Scripts , 3 months ago

How to set csp (content-security-policy) in .htaccess?

Facebook Twitter LinkedIn Telegram Whatsapp

1 answer

by elise_daugherty , 3 months ago

@raphael_tillman 

To set a Content-Security-Policy (CSP) in your .htaccess file, you can add the following code:

1
2
3
<IfModule mod_headers.c>
    Header set Content-Security-Policy "directive1 value1; directive2 value2"
</IfModule>


You can replace "directive1 value1; directive2 value2" with the specific directives and values you want to include in your CSP. Here are some common directives and values you can include in your CSP:

  • default-src: Specifies the default sources for content types that are not explicitly set
  • script-src: Specifies valid sources for JavaScript
  • style-src: Specifies valid sources for stylesheets
  • img-src: Specifies valid sources for images
  • font-src: Specifies valid sources for fonts
  • connect-src: Specifies valid sources for network requests (e.g., XMLHttpRequest, WebSocket)
  • frame-src: Specifies valid sources for nested browsing contexts, such as and elements


Make sure to test your CSP after adding it to your .htaccess file to ensure that it is working as expected.