How to set csp (content-security-policy) in .htaccess?
How to set csp (content-security-policy) in .htaccess?
1 answer
by
elise_daugherty ,
2 months ago
@raphael_tillman
To set a Content-Security-Policy (CSP) in your .htaccess file, you can add the following code:
1 2 3 |
<IfModule mod_headers.c>
Header set Content-Security-Policy "directive1 value1; directive2 value2"
</IfModule>
|
You can replace "directive1 value1; directive2 value2" with the specific directives and values you want to include in your CSP. Here are some common directives and values you can include in your CSP:
- default-src: Specifies the default sources for content types that are not explicitly set
- script-src: Specifies valid sources for JavaScript
- style-src: Specifies valid sources for stylesheets
- img-src: Specifies valid sources for images
- font-src: Specifies valid sources for fonts
- connect-src: Specifies valid sources for network requests (e.g., XMLHttpRequest, WebSocket)
- frame-src: Specifies valid sources for nested browsing contexts, such as and elements
Make sure to test your CSP after adding it to your .htaccess file to ensure that it is working as expected.
Related Threads:
How to add below security headers in .htaccess wordpress?
How to set https-only header on .htaccess?
How to set apache configurations in .htaccess file?
How to check multiple cookies are set in .htaccess?
How to set url rewriting in .htaccess file?
How to use the Symfony security bundle to handle security tasks?