Content Security Policy (CSP)

CSP Java Example

Here's how to add a Content-Security-Policy HTTP response header using Java.

Example CSP Header with Java

Using the HTTP Servlet API, we can call the addHeader method of the HttpServletResponse object.

response.addHeader("Content-Security-Policy", "default-src 'self'");

Another way to go

Your policy will go inside the second argument of the addHeader method in the example above.
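To send the header on every response instead of repeating the call in each servlet, the same call can be made from a servlet filter. The following is an added example, not code from the original page. It assumes a Jakarta Servlet 5+ container (older containers use the javax.servlet packages), and the class name CspFilter, the request attribute name cspNonce and the script-src nonce directive are illustrative assumptions that extend the page's default-src 'self' policy.

```java
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.annotation.WebFilter;
import jakarta.servlet.http.HttpFilter;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Base64;

// Hypothetical filter name; mapped to every URL so no response leaves without a policy.
@WebFilter("/*")
public class CspFilter extends HttpFilter {

    private static final SecureRandom RANDOM = new SecureRandom();

    @Override
    protected void doFilter(HttpServletRequest request, HttpServletResponse response,
                            FilterChain chain) throws IOException, ServletException {
        // Fresh, unpredictable nonce per response (128 bits, base64-encoded).
        byte[] raw = new byte[16];
        RANDOM.nextBytes(raw);
        String nonce = Base64.getEncoder().encodeToString(raw);

        // Views read this attribute (assumed name) to emit <script nonce="...">.
        request.setAttribute("cspNonce", nonce);

        // The page's policy, plus a nonce-restricted script-src (an assumption of this example).
        String policy = "default-src 'self'; script-src 'self' 'nonce-" + nonce + "'";

        // setHeader replaces any value set earlier in the chain. addHeader would
        // append a second Content-Security-Policy header, and browsers enforce
        // every policy they receive, so a duplicate can only tighten the result
        // in ways that are hard to debug.
        response.setHeader("Content-Security-Policy", policy);

        // Set the header before the rest of the chain runs: once the response
        // is committed, header changes are silently ignored.
        chain.doFilter(request, response);
    }
}
```

If a servlet further down the chain also calls addHeader with its own policy, the browser applies both policies together, so keep the policy defined in one place.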

What goes inside a CSP policy?

If you're not sure what default-src 'self'; means, then check out the Content Security Policy reference for details.