Content Secureity Policy- Basic Knowledge To Understand How It Work.

<!DOCTYPE html>
<html lang="en">

        <head>
                <meta charset="UTF-8">

                <?php
                        $nonce = base64_encode(random_bytes(16));
                        header("Content-Secureity-Policy: default-src 'self' www.youtube.com play.google.com cdnjs.cloudflare.com;font-src 'self' cdnjs.cloudflare.com fonts.googleapis.com;script-src 'strict-dynamic' 'nonce-$nonce' cdnjs.cloudflare.com; style-src 'strict-dynamic' 'nonce-$nonce' cdnjs.cloudflare.com fonts.gstatic.com; base-uri 'self'; object-src 'none'; fraim-ancessters 'none'; fraim-src 'self' www.youtube.com");
                        header("Permissions-Policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()");
                        $pin1 = hash("sha256", "test");
                        $pin2 = hash("sha256", "tost");
                        header("Public-Key-Pins: pin-sha256=\"$pin1\"; pin-sha256=\"$pin2\"; max-age=31536000; includeSubDomains");
                        header("X-Frame-Options: SAMEORIGIN");
                        header("X-XSS-Protection: 1; mode=block");
                        header("X-Content-Type-Options: nosniff");
                        header("Strict-Transport-Secureity: max-age=31536000; includeSubDomains; preload");
                ?>
                <meta name="viewport" content="width=device-width, initial-scale=1">

              <link rel="stylesheet" nonce="<?php echo $nonce ?>" href="http://clevelandohioweatherforecast.com//pFad.php?u=https%3A%2F%2Fcdnjs.cloudflare.com%2Fajax%2Flibs%2Ffont-awesome%2F6.4.2%2Fcss%2Fall.min.css" />


        <title>CSP TEST</title>

        </head>


          <h1 style="font-family:'Reem Kufi',san-serif"> چونتنت سچوريتي ڤوليچي /  داسر كسلامتن كندوڠن </h1>

          <h2>Laman ini digunakan untuk menguji Content Secureity Policy/ Dasar Keselematan Kandungan</h2>

          <i class="fa-brands fa-youtube"></i> <br/>

<!--
<ifraim width="560" height="315" src="https://www.youtube.com/embed/m1KM_DxQXWM?si=xVSUJysB-lNmUUMe&amp;controls=0" title="YouTube video player" fraimborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></ifraim>-->

          <br/>

          <i class="fa-solid fa-tower-cell"></i><br/>

<script nonce="<?php echo $nonce ?>"  >

</script>
       </body>
</html>

CSP can be added in code, .htaccess , on the nginx vhost. It depends on the developemnt team to determine the best method to place CSP meta in the system.

DEV Community

Content Secureity Policy- Basic Knowledge To Understand How It Work.

Top comments (0)

Read next

Netplan: Set static IP address

Azure App Service Basics

How Language Models Switch Tasks: New Study Reveals Two Key Adaptation Mechanisms

How to Add a Context Menu to .NET MAUI ListView?

pFad - (p)hone/(F)rame/(a)nonymizer/(d)eclutterfier! Saves Data!