Content Security Policy (CSP)

OpenBSD relayd Content-Security-Policy Response Headers

Here's how to add a Content-Security-Policy HTTP response header to your OpenBSD relayd proxy server configuration.

Example relayd Configuration

http protocol "https_reverse_proxy" {

	#other relayd config...

	#Add Content-Security-Policy HTTP Response header
	match response header set "Content-Security-Policy" value "default-src 'self'"

Here we use match response header since Content-Security-Policy is a HTTP response header. Next we use set "Content-Security-Policy" to tell relayd the name of the header we want to set. Finally the header value is assigned with value "default-src 'self'". With the above example, you should see the following HTTP response header in your HTTP response:

Content-Security-Policy: default-src 'self'

Dig deeper with CSP

The Content-Security-Policy header value in our example was simply:

default-src 'self'

You are probably going to need a more complicated CSP header value that that, so your next steps if you are not familiar with CSP is to take a look at the CSP Header Reference or more CSP examples.

CSP Developer Field Guide

CSP Developer Field Guide

Want to learn the ins and outs CSP? Grab a copy of the CSP Developer Field Guide. It's a short and sweet guide to help developers get up to speed quickly.

Grab a Copy

Struggling to stay on top of security advisories?

Advisory Week is a weekly roundup of all the security advisories published by the major software vendors.