Content Security Policy (CSP)

Adding a CSP header with htaccess

Here's how to add a Content-Security-Policy HTTP response header using an Apache .htaccess file.

Example htaccess file

Suppose we want to apply a CSP policy to our site. Add the following line to the .htaccess file:

Header add Content-Security-Policy "default-src 'self';"

Your policy will go inside the double quotes in the example above.
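
A more defensive variant of the same line, as an added example that is not part of the original page. It assumes mod_headers is loaded and that the server configuration permits the Header directive in .htaccess (AllowOverride FileInfo or All).

```apache
# Added example, not from the original page.
# The <IfModule> guard keeps the site from returning 500 errors if
# mod_headers is not loaded; without the guard an unknown directive
# in .htaccess is a fatal configuration error for the request.
<IfModule mod_headers.c>

    # "Header add" (the form shown above) appends a header even when one
    # with the same name already exists. If another .htaccess file or the
    # main server config also sends a CSP, the browser receives two
    # policies and enforces both, so content must pass every one of them.
    #
    # "set" replaces any previous header of this name instead of
    # appending a second copy.
    # "always" also attaches the header to error responses (404, 500),
    # which the default "onsuccess" condition does not cover.
    Header always set Content-Security-Policy "default-src 'self';"

    # Trial run: swap the line above for this one to have the browser
    # report violations in the developer console without blocking
    # anything, then switch back once the policy is tuned.
    # Header always set Content-Security-Policy-Report-Only "default-src 'self';"

</IfModule>
```

After deploying, request a page and an error page and confirm that each response carries exactly one Content-Security-Policy header.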

What goes inside a CSP policy?

If you're not sure what default-src 'self'; means, then check out the Content Security Policy reference for details.