Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Content security policy not working

Tags:

http-headers

browser

http

content-security-policy

I am adding to my response header this header:

x-content-security-policy default-src 'none';

I would expect no css or images to be loaded on the page, but everything is loaded. What am I doing wrong?

like image 914
MrProper Avatar asked Dec 06 '25 04:12

MrProper

1 Answers

For Chrome and newer (v. 23 and newer) versions of Firefox:

Content-Security-Policy: default-src 'none'

For Safari:

X-Webkit-CSP: default-src 'none'

For older versions of Firefox (v. 23 and older):

X-Content-Security-Policy: default-src 'none'

Sorry - with IE, only the sandbox policy is recognized, and that only in IE 10 and newer.

like image 77
Colselaw Avatar answered Dec 09 '25 14:12

Colselaw
Sign in to Comment

Related questions

What happens to an http Request when the user leaves page in the meantime?
Apache not accessible from the outside world, working internally [closed]
Does the Location header accept the // protocol notation?
Check requests to server from the application written in Flash
URL Rewrite in ASP.NET 3.5 and IIS 7 using HTTP Module
How to add cache-control to a @RestController servlet path?
Using empty PUT on a REST service
Parsing Python HTML POST data from BaseHTTPServer
Flutter http response.body bad utf8 encoding
Reading text from Google Drive files
HTTP PUT request, how can i generate one and where can i find examples/syntax?
Transmit data to client on specific page, based on SQL Server column or row update

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!