Content Security Policy (CSP)

Netlify Example

Here's how to add a Content-Security-Policy HTTP response header to your Netlify site.

Netlify Example CSP Header

The easiest way to add headers to your Netlify site is to add the Content-Security-Policy header to your netlify.toml file under the [[headers]] and then under [headers.values]

  for = "/*"
    Content-Security-Policy = "default-src 'self';"

In the above example we are simply setting a policy:

default-src 'self';

Chances are you will need something more involved than that

What goes inside a Content Security Policy?

If you're not sure what default-src 'self'; means, then check out the Content Security Policy reference for details.

Another Option for Netlify

Instead of using netlify.toml you can instead place a file named _headers in the publish directory of your site. The syntax for that file might look like this:

  Content-Security-Policy: default-src 'self';
CSP Developer Field Guide

CSP Developer Field Guide

Want to learn the ins and outs CSP? Grab a copy of the CSP Developer Field Guide. It's a short and sweet guide to help developers get up to speed quickly.

Grab a Copy

Struggling to stay on top of security advisories?

Advisory Week is a weekly roundup of all the security advisories published by the major software vendors.