Skip to content
PandaSuite Docs

Content Security Policy

Content Security Policy (CSP) is a crucial security measure for web applications aimed at preventing attacks such as cross-site scripting (XSS) and malicious content injection.

By defining strict rules about authorized sources for loading resources (scripts, styles, images, etc.), CSP significantly reduces the risks associated with executing unapproved content.

Security Strategy Image

Why implement a CSP?

Implementing a CSP offers several benefits:

  • Protection against XSS: by blocking unauthorized scripts, CSP prevents attackers from injecting malicious code into your web pages.
  • Prevention of content hijacking: it controls the sources from which resources can be loaded, thereby avoiding the loading of potentially dangerous content.
  • Strengthening user trust: by securing your application, you demonstrate your commitment to protecting user data.

Integrate a CSP into your application

To implement CSP and add authorized sources for your web application, follow these steps:

  • Access your application dashboard.
  • Go to Settings > Web > Security Strategy.
  • Choose whether or not to enable CSP: it is possible to disable Content Security Policy (CSP) in specific cases where security is not a priority or when CSP constraints are incompatible with your project.
  • In the CSP settings, specify the allowed sources or domains for integrating your content.
  • Save the changes to activate the content security policy.

By defining these authorized sources, you precisely control where and how your application can be integrated, thereby enhancing its security and integrity.