Edge Module

Content Security Policy

Automatically detect and mitigate certain types of attacks, including cross-site scripting (XSS) and data injection.

Don’t become the victim of cross-site scripting attacks.

With Section’s CSP module, system administrators can easily define, enforce, and track activity around security policies to ensure that browsers only execute scripts from valid sources.

XSS attacks exploit the browser's trust in the content received from the server. Section's CSP Module adds a layer of security at the edge to detect and mitigate these threats.

Define security policies that tell browsers which domains to allow content from and which to restrict. For example, only allow content from a defined domain and all its subdomains.

Monitor violations in Section's real-time logs. When enabled, the CSP Module's reporting feature will inject headers into all HTTP responses so you can search, filter, and visualize module activity.

Enhance your application's security without compromising performance. Combine the CSP Module with image and full page caching on Section to deliver a better user experience.

Implement a range of security policies.

The CSP Module provides flexibility and control to configure security policies that are most suitable for a given application’s unique requirements and risk profile.

Common security policies might include:

  • All content must come from the site’s own origin (excluding subdomains).
  • Allow content from a trusted domain and all its subdomains.
  • All content must be loaded using TLS.
  • Allow HTML in email, as well as images loaded from anywhere, but restrict JavaScript or other potentially dangerous content.

Technical Details

CSP Module

Section’s Content Security Policy Module implements the Content Security Policy (CSP) standard at the HTTP layer.

The CSP Module accepts user-defined security policies that tell browsers which origins to accept content from. These policies are delivered in a Content-Security-Policy HTTP header, which instructs the browser to block assets requested from origins not in the list. You can also have the browser send violation reports to a designated URL using the report-uri directive of the Content-Security-Policy header.
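The common policies listed earlier and the header behaviour described above can be checked with a short script. This is an added example, not Section's code: the header values, the site `https://www.example.com`, the `/csp-reports` endpoint and all function names are constructed for illustration, and the matcher is a simplified model of browser source matching that ignores ports, paths, nonces and hashes.

```python
from urllib.parse import urlsplit

# Constructed header values for the hypothetical site https://www.example.com,
# one per bullet in the "common security policies" list.
POLICIES = {
    "own_origin": "default-src 'self'; report-uri /csp-reports",
    "trusted_domain": "default-src 'self' example.com *.example.com",
    "tls_only": "default-src https:",
    "mail_html": "default-src 'self'; img-src *; script-src 'none'",
}

def parse_policy(header):
    """Split a header value into {directive: [source expressions]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:  # first occurrence wins
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def source_matches(expr, url, page):
    """Simplified match of one source expression against a resource URL."""
    if expr == "'none'":
        return False
    if expr == "'self'":
        return (url.scheme, url.netloc) == (page.scheme, page.netloc)
    if expr == "*":
        return url.scheme in ("http", "https")
    if expr.endswith(":"):                       # scheme source such as https:
        return url.scheme == expr[:-1]
    if url.scheme not in (page.scheme, "https"):  # no downgrade to plain http
        return False
    host = url.hostname or ""
    if expr.startswith("*."):                    # subdomains only, not the apex
        return host.endswith(expr[1:])
    return host == expr

def allowed(header, page_url, resource_url, kind):
    """kind is a fetch directive such as 'script-src' or 'img-src'."""
    policy = parse_policy(header)
    sources = policy.get(kind, policy.get("default-src"))
    if sources is None:
        return True                              # nothing restricts this fetch
    url, page = urlsplit(resource_url), urlsplit(page_url)
    return any(source_matches(s, url, page) for s in sources)
```

Note that `*.example.com` does not cover `example.com` itself, which is why the trusted-domain policy lists both.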

If you need assistance setting this up, Section’s experienced engineers will help you implement the CSP Module during an activation session.

Ready to jump in?

Sign up for a Section account to deploy your CSP module at the Edge.