Content Security Policy (CSP)

Nginx Content-Security-Policy Headers

Here's how to add a Content-Security-Policy HTTP response header to your Nginx site.

Nginx Example CSP Header

Inside your nginx server {} block add:

add_header Content-Security-Policy "default-src 'self';";

You can also append the always parameter to the end of the directive to ensure that nginx sends the header regardless of response code.

In the above example we are simply setting a policy:

default-src 'self';

Chances are you will need something more complicated than that, so check out the Content Security Policy reference for more info.
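
The server block below is an added example, not part of the original page. It shows the always parameter in place and the add_header inheritance rule that commonly causes the CSP header to go missing in nested locations. The host name, document root and /downloads/ location are placeholders.

```nginx
# Added example; example.com, /var/www/example and /downloads/ are placeholders.
server {
    listen 80;
    server_name example.com;
    root /var/www/example;

    # "always" makes nginx attach the header to every response code,
    # including error pages such as 404 and 500. Without it, add_header
    # only applies to 200, 201, 204, 206, 301, 302, 303, 304, 307 and 308.
    add_header Content-Security-Policy "default-src 'self';" always;

    location / {
        # No add_header at this level, so the server-level CSP is inherited.
        try_files $uri $uri/ =404;
    }

    location /downloads/ {
        # add_header directives are inherited from the enclosing level only
        # when the current level defines none of its own. This location sets
        # Cache-Control, so the CSP line must be repeated here or responses
        # from /downloads/ are sent without any Content-Security-Policy.
        add_header Cache-Control "no-store" always;
        add_header Content-Security-Policy "default-src 'self';" always;
    }
}
```

After reloading nginx, request a normal page, a missing page and a /downloads/ URL, and confirm the Content-Security-Policy header appears in all three responses.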