How to Enable CSP Headers


What is Content-Security-Policy?

Content-Security-Policy is the name of an HTTP response header that modern browsers use to enhance the security of a document (or web page). The Content-Security-Policy header lets the server restrict how resources such as JavaScript, CSS, or pretty much anything else the browser loads may be fetched and executed.

How to Enable CSP Headers

This can be accomplished by enabling the Advanced Setting called Enable HTTP Security Headers (CSP):

This will enable the HTTP security headers and Content Security Policies. Over an HTTP connection, the website will add headers for Content-Security-Policy, X-Content-Type-Options, X-Frame-Options, and X-XSS-Protection. Over an HTTPS connection, an additional Strict-Transport-Security header is added.

Results before enabling this advanced setting:

Results after enabling this advanced setting:
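To confirm the setting took effect, the check below compares a response's headers against the list given above (the four headers over HTTP, plus Strict-Transport-Security over HTTPS). This is an added example, not part of the original page or the product; the sample "before" and "after" header sets are constructed, and check_url needs network access.

```python
"""Report which of the security headers named above a response carries.
Added example, not part of the original page or product."""
from urllib.parse import urlparse
from urllib.request import Request, urlopen

# Headers the setting adds on every connection (from the page text).
HTTP_HEADERS = (
    "Content-Security-Policy",
    "X-Content-Type-Options",
    "X-Frame-Options",
    "X-XSS-Protection",
)
# Added only when the connection is HTTPS.
HTTPS_ONLY_HEADERS = ("Strict-Transport-Security",)


def expected_headers(scheme):
    """Header names the setting should add for the given URL scheme."""
    names = list(HTTP_HEADERS)
    if scheme.lower() == "https":
        names += HTTPS_ONLY_HEADERS
    return names


def check_headers(scheme, headers):
    """Return (present, missing) name lists for a response header mapping.
    Header names are compared case-insensitively, as HTTP requires."""
    got = {k.lower() for k in headers}
    expected = expected_headers(scheme)
    present = [n for n in expected if n.lower() in got]
    missing = [n for n in expected if n.lower() not in got]
    return present, missing


def check_url(url):
    """Fetch a URL with HEAD and check its response headers (needs network)."""
    scheme = urlparse(url).scheme
    with urlopen(Request(url, method="HEAD")) as resp:
        return check_headers(scheme, dict(resp.headers.items()))


if __name__ == "__main__":
    # Constructed sample responses; values are illustrative, not captured.
    before = {"Content-Type": "text/html"}
    after = {"Content-Type": "text/html",
             "Content-Security-Policy": "default-src 'self'",
             "X-Content-Type-Options": "nosniff",
             "X-Frame-Options": "SAMEORIGIN",
             "X-XSS-Protection": "1; mode=block"}
    for label, hdrs in (("before", before), ("after", after)):
        present, missing = check_headers("https", hdrs)
        print(f"{label}: present={present} missing={missing}")
```

Over HTTPS the constructed "after" set still reports Strict-Transport-Security as missing, which is the case to look for when a site is checked over plain HTTP but served over HTTPS in production.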