GreySec Forums Programming and Development Web Oriented Languages Website hardening. Content Security Policy
Thread Modes
Website hardening. Content Security Policy
robinhoood
Junior Member
 **
Posts: 35
Threads: 5
Joined: Dec 2020
Reputation: 5
#1
01-03-2021, 02:37 AM
https://content-security-policy.com

Just one line but a massive effectiveness. Here i show you an example how it looks like.

Code:
<meta http-equiv="content-security-policy" content="default-src 'self'; script-src 'none'; object-src 'none'; media-src 'none'; font-src 'none'; connect-src 'none'; base-uri 'none'">

[Image: 25db794a67210eb9c084df07da2b1c9f4f02fdbd...b97bec.png]
Reply
Insider
Enemy of the state
 Administrators
Posts: 1,390
Threads: 372
Joined: Jun 2015
Reputation: 60

Staff
#2
01-03-2021, 02:42 AM
Thanks for the share!

Even better, if you have access to the webserver you can add these headers directly in the http requests:
https://webdock.io/en/docs/how-guides/ho...and-apache
Reply
robinhoood
Junior Member
 **
Posts: 35
Threads: 5
Joined: Dec 2020
Reputation: 5
#3
01-08-2021, 12:28 AM
(01-03-2021, 02:42 AM)Insider Wrote: Thanks for the share!

Thank you! Your Link is great.
Reply