
DashExamples.com:
Add a Content Security Policy(CSP) to your Web Site with PHP
August 25, 2011 @ 13:11:36

Related to this other post about content security policies in PHP sites, DashExamples.com has a quick new post about what you'll need to add to your application to implement a policy of your own.

Content Security Policy (CSP) is a mechanism in the browser that restricts what content will be requested and run by the browser. CSP does this by passing in a specific response header that tells the browser what resources (images, JavaScript, CSS, frames, etc.) can be requested and accepted to execute. There are multiple ways to set up CSP for your web site: you can use your web server configuration like I showed in a previous example or use a dynamic scripting language like PHP.

What it really boils down to is setting a header, either X-Content-Security-Policy or X-Content-Security-Policy-Report-Only, to tell the browser what security policy to use and how to honor it. You can find out more about content security policies from this page on the Mozilla wiki. CSPs allow you to define how your site's content interacts and help to prevent issues like XSS and data injection.
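
As an added illustration (not code from the DashExamples.com post), the sketch below builds a policy string and sends it under one of the two header names mentioned above. The directive names follow standardized CSP syntax, and the `build_csp()` and `send_csp()` helpers, the image host and the `/csp-report.php` endpoint are assumptions made for the example.

```php
<?php
// Added example: helper names, hosts and the report endpoint are hypothetical.

/**
 * Build a policy string from a directive => sources map.
 * Rejects values that could break out of a directive or the header
 * itself (";", ",", whitespace including CR/LF).
 */
function build_csp(array $directives): string
{
    $parts = [];
    foreach ($directives as $name => $sources) {
        if (!preg_match('/^[a-z][a-z-]*$/', $name)) {
            throw new InvalidArgumentException("Bad directive name: $name");
        }
        foreach ($sources as $source) {
            if ($source === '' || preg_match('/[;,\s]/', $source)) {
                throw new InvalidArgumentException("Bad source in $name");
            }
        }
        $parts[] = $name . ' ' . implode(' ', $sources);
    }
    return implode('; ', $parts);
}

/** Send the policy, either enforcing it or only reporting violations. */
function send_csp(array $directives, bool $reportOnly = false): void
{
    // header() only works before any output has been sent to the client.
    if (headers_sent($file, $line)) {
        throw new RuntimeException("Output already started at $file:$line");
    }
    $header = $reportOnly
        ? 'X-Content-Security-Policy-Report-Only'
        : 'X-Content-Security-Policy';
    header($header . ': ' . build_csp($directives));
}

// Constructed sample policy: same-origin content plus one image host.
$policy = [
    'default-src' => ["'self'"],
    'img-src'     => ["'self'", 'https://images.example.com'],
    'script-src'  => ["'self'"],
    'report-uri'  => ['/csp-report.php'],
];

// Start in report-only mode, review the violation reports, then enforce.
send_csp($policy, true);
```

Current browsers read the unprefixed `Content-Security-Policy` and `Content-Security-Policy-Report-Only` header names; the `X-` prefixed names used here are the ones this 2011 post describes.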


All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework