Content Security Policy (CSP)

CSP Java Example

Here's how to add a Content-Security-Policy HTTP response header using Java.

Example CSP Header with Java

Using the HTTP Servlet API, we can call the addHeader method of the HttpServletResponse object.

response.addHeader("Content-Security-Policy", "default-src 'self'");

Your policy will go inside the second argument of the addHeader method in the example above.
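To send the header on every response rather than from each servlet or JSP, the same call can live in a servlet filter. The following is an added example, not code from the original page. It assumes a Servlet 5.0+ container (jakarta.* packages; use javax.servlet.* on older containers), and the class name CspHeaderFilter and the init parameter name "policy" are hypothetical.

```java
import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.FilterConfig;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.annotation.WebFilter;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;

// Added example: applies one CSP header to every response in the application.
@WebFilter("/*")
public class CspHeaderFilter implements Filter {

    // Default is the policy shown on this page.
    private String policy = "default-src 'self'";

    @Override
    public void init(FilterConfig config) {
        // Optional override via a filter init parameter (hypothetical name "policy").
        String configured = config.getInitParameter("policy");
        if (configured != null && !configured.trim().isEmpty()) {
            policy = configured.trim();
        }
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (response instanceof HttpServletResponse) {
            HttpServletResponse httpResponse = (HttpServletResponse) response;
            // setHeader replaces any existing value. addHeader would append a second
            // Content-Security-Policy header, and browsers enforce every policy they
            // receive, so a duplicate can silently tighten the effective policy.
            httpResponse.setHeader("Content-Security-Policy", policy);
        }
        // Set the header before the chain runs: once the response is committed,
        // header changes are ignored.
        chain.doFilter(request, response);
    }
}
```

If a servlet further down the chain also calls addHeader with a CSP value, the response will carry two policies, so keep the header in one place.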

Another way to go

Instead of writing the header directly from your Java or JSP code, you can have your web server write the header. For example, see CSP with nginx or CSP with Apache via htaccess.

What goes inside a CSP policy?

If you're not sure what default-src 'self'; means, then check out the Content Security Policy reference for details.