Skip to main content

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

6
  • 1
    I have no idea where to put this in my code: "Content-Security-Policy: script-src 'self'" Also, I'm not getting mixed content errors. I don't know what you mean. And your first link is not working.
    – Aran Bins
    Commented Feb 17, 2019 at 7:57
  • In your page head tag as meta key <meta http-equiv="Content-Security-Policy" content="default-src 'self'; img-src https://*; child-src 'none';"> developer.mozilla.org/en-US/docs/Web/HTTP/CSP Header set Content-Security-Policy "default-src 'self';" - also in your .htaccess file content-security-policy.com
    – anittas joseph
    Commented Feb 17, 2019 at 8:01
  • 1
    I tried <meta http-equiv="Content-Security-Policy" content="script-src 'self';"> but now I'm getting Content Security Policy errors, even worse.
    – Aran Bins
    Commented Feb 17, 2019 at 8:02
  • What if I'm using nginx and not apache for my web server? Where do I put " Header set Content-Security-Policy "default-src 'self';" " ?
    – Aran Bins
    Commented Feb 17, 2019 at 8:24
  • I'm also still getting TONS more content security policy errors now after adding <meta http-equiv="Content-Security-Policy" content="default-src 'self'; img-src https://*; child-src 'none';">
    – Aran Bins
    Commented Feb 17, 2019 at 8:25