Content Security Policy
Automatically detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection.Get Started
Don’t become the victim of cross site scripting attacks.
With Section’s CSP module, system administrators can easily define, enforce, and track activity around security policies to ensure that browsers only execute scripts from valid sources.
Implement a range of security policies.
The CSP Module provides flexibility and control to configure security policies that are most suitable for a given application’s unique requirements and risk profile.
Common security policies might include:
- All content must come from the site’s own origin (excluding subdomains).
- Allow content from a trust domain and all its subdomains.
- All content must be loaded using TLS.
Section’s Content Security Policy Module is an implementation of defined CSP protocols around HTTP.
The CSP Module accepts user-defined security policies for browsers to determine which origins to accept content from. These policies are passed through using a
Content-Security-Policy HTTP header, which will block assets requested from origins not in the list. You can also configure settings for the browser to send reports to a designated url using the
report-uri directive of the
If you need assistance setting this up, Section’s experienced engineers will help you implement the CSP Module during an activation session.
Ready to jump in?
Sign up for a Section account to deploy your CSP module at the Edge.