Activating Base Configuration

Objective

After completing this lesson, you will be able to configure SAP Service Cloud V2 base security settings, including idle timeout and Content Security Policy (CSP) parameters, to mitigate security risks.

Base Configuration

Base Configuration: Idle Time

As a security measure, SAP Service Cloud Version 2 will automatically log out a user after a certain period of inactivity. In the company settings workspace, you can choose when an inactive user will be logged off. The default is 1 hour. Before implementation, decide on the appropriate timeframe and then set the system accordingly.

Appearance, branding and behavior are highlighted

Base Configuration - Content Security Policy

Base Configuration - Content Security Policy highlighted

Content Security Policy (CSP) is a security mechanism used by web applications to reduce the risks of cross-site scripting (XSS) attacks and other code injection vulnerabilities. The basic setup for this policy involves choosing which sources of content your company will allow or trust. This helps improve the security of your web application by defending against various types of attacks.

  • Script Source

    The Script Source defines the trusted sources from which scripts can be loaded and run on a web page. By setting the allowed script sources, you can prevent the execution of malicious scripts from unauthorized origins. For instance, you might specify that scripts are only allowed from your own domain or specific trusted domains.

  • Style Source

    The Style Source defines the trusted sources from which stylesheets (CSS) can be loaded on a web page. It enables you to restrict the loading of stylesheets from untrusted or potentially harmful sources.

  • Default Source

    The Default Source acts as a fallback when a specific source isn't defined for a particular content type. It is used when there is no explicit policy set for script, style, frame, or image sources. Setting the default source to 'none' prevents any content type without an explicit source of its own from loading.

  • Frame Source

    The Frame Source specifies trusted sources that can load frames or iframes on a web page. It helps you control which websites or domains can embed your content within their frames.

  • Image Source

    The Image Source specifies trusted sources from which images can be loaded on a web page. By defining the allowed image sources, you can prevent images from untrusted or potentially malicious sources from displaying.
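
The following is an added example, not SAP code: it models how a browser applies the five source settings described above, including the fallback to the default source. It assumes the settings map to the standard CSP directives `default-src`, `script-src`, `style-src`, `frame-src` and `img-src`; all host names are constructed placeholders and the matching is deliberately simplified.

```javascript
// Added example: simplified model of CSP source matching, not a full CSP parser.
// All hosts are constructed placeholders (tenant.example is the app's own origin).
const SELF = 'https://tenant.example';
const policy = {
  'default-src': ["'none'"],
  'script-src': ["'self'", 'https://cdn.example'],
  'style-src': ["'self'"],
  'img-src': ["'self'", 'https://*.images.example'],
  // frame-src is deliberately not set, so frames fall back to default-src.
  // In standard CSP, frame-src limits what this page may load into frames;
  // which sites may embed this page is a separate directive, frame-ancestors.
};

// Serialize the settings into the header value a browser would receive.
function toHeader(p) {
  return Object.entries(p).map(([d, s]) => `${d} ${s.join(' ')}`).join('; ');
}

// Does one source expression allow the URL? Handles only 'none', 'self',
// scheme://host on the default port, and a leading-wildcard host.
function sourceMatches(expr, url, selfOrigin) {
  if (expr === "'none'") return false;
  if (expr === "'self'") return url.origin === selfOrigin;
  const m = /^(https?):\/\/(\*\.)?([^/:]+)$/.exec(expr);
  if (!m || url.protocol !== m[1] + ':' || url.port !== '') return false;
  return m[2] ? url.hostname.endsWith('.' + m[3]) : url.hostname === m[3];
}

// Decide whether a load is allowed, applying the default-src fallback.
function isAllowed(p, directive, resource, selfOrigin) {
  const sources = p[directive] ?? p['default-src'];
  if (!sources) return true; // no directive covers this content type
  const url = new URL(resource, selfOrigin);
  return sources.some((expr) => sourceMatches(expr, url, selfOrigin));
}

console.log('Content-Security-Policy:', toHeader(policy));
for (const [dir, res] of [
  ['script-src', 'https://cdn.example/lib.js'],   // listed host
  ['script-src', 'https://other.example/x.js'],   // not listed
  ['img-src', 'https://images.example/p.png'],    // *. does not match bare host
  ['frame-src', 'https://tenant.example/widget'], // falls back to 'none'
]) {
  console.log(dir, res, isAllowed(policy, dir, res, SELF) ? 'allowed' : 'blocked');
}
```

Because the default source is 'none' and no frame source is set, even a same-origin frame is blocked until a frame source is listed explicitly.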

Summary

  • Explored the base configuration related to Idle Time and Content Security Policy