Monday, 4 September 2017

What are (CSP) HTTP headers, and how do I add them to a web page?

When I analyze my web page, I've got this problem.

Set up a "Content-Security-Policy" (CSP) HTTP header. To specify a security policy on the source of your resources, configure your server so the response of the first resource contains the "Content-Security-Policy" HTTP header.

Here's an example:

Content-Security-Policy: script-src 'self' https://apis.google.com

In this case, the page loads correctly provided that all the scripts come from the current host or https://apis.google.com.

What does this actually mean?
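
As an added example (not part of the original post or of the analysis tool's output), the sketch below sends the quoted header from a Node.js request handler and models, in simplified form, how a browser decides whether a script URL is permitted by it. The page origin `https://example.com`, the function names and the exact-origin matching (no wildcards, paths, nonces or hashes) are assumptions made for illustration.

```javascript
// Policy taken from the example header quoted on this page.
const POLICY = "script-src 'self' https://apis.google.com";

// Request handler in the shape Node's http.createServer() expects:
// the header is set on the response that carries the HTML document.
function handler(req, res) {
  res.setHeader('Content-Security-Policy', POLICY);
  res.setHeader('Content-Type', 'text/html; charset=utf-8');
  res.end('<!doctype html><script src="/js/app.js"></script>');
}

// Split a policy string into { directive: [source, ...] }.
function parseCsp(policy) {
  const out = Object.create(null);
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = (name || '').toLowerCase();
    // A directive repeated in one policy is ignored; the first one wins.
    if (key && !(key in out)) out[key] = sources;
  }
  return out;
}

// Simplified model of the browser's check for an external script.
// Assumption: sources are compared by exact origin only.
function scriptAllowed(policy, pageOrigin, scriptUrl) {
  const directives = parseCsp(policy);
  // script-src falls back to default-src when it is absent.
  const sources = directives['script-src'] ?? directives['default-src'];
  if (sources === undefined) return true; // nothing restricts scripts
  const target = new URL(scriptUrl, pageOrigin).origin;
  return sources.some((src) => {
    if (src === "'self'") return target === new URL(pageOrigin).origin;
    if (src.startsWith("'")) return false; // 'none' and other keywords not modelled
    try { return new URL(src).origin === target; } catch { return false; }
  });
}
```

Because the policy has no `'unsafe-inline'` source, inline `<script>` blocks and inline event handlers are also blocked by it, so such code has to move into files served from one of the two allowed origins.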
