The Content-Security-Policy header allows your Drupal site to inform browsers of trusted sources for JavaScript, CSS, and other external resources. This adds a security layer to detect and mitigate the risk of Cross Site Scripting (XSS), data injection, and other vulnerabilities.
Features
- Integrates with Drupal's Libraries API to automatically generate a default site-wide policy for JavaScript and CSS
- Up-to-date with the latest CSP Level 3 Working Draft
- Policy is automatically optimized to remove duplicate directives and reduce header length
- Dispatches an event to allow other modules to alter policies for each request
- Policy Violation logging integrations:
Project information
- Project categories: Integrations, Security
- Ecosystem: Permissions Policy, Reporting API
23,482 sites report using this module- Created by gapple on , updated
Stable releases for this project are covered by the security advisory policy.
Look for the shield icon below.
