
Content Security Policy

What is a Content Security Policy?

A Content Security Policy (CSP) is a critical security feature that helps protect your website from various types of attacks, particularly cross-site scripting (XSS) and data injection attacks. It works by specifying which content sources are trusted, effectively controlling what resources can be loaded on your web page.

A CSP is implemented through HTTP headers or meta tags that instruct the browser which domains, subdomains, and types of resources are permitted to load. For example, you can specify that scripts should only load from your own domain, or that images can come from both your domain and a trusted third-party service.

Read more about it here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP

Content Security Policy in Kodaris

Kodaris provides you with the flexibility to modify your Content Security Policy according to your specific needs. This feature allows you to:

  1. Integrate third-party services and resources
  2. Customize security settings for different environments
  3. Implement different levels of security based on your requirements

Why You Should Be Careful When Modifying Your CSP

While the ability to modify your CSP offers great flexibility, it comes with significant responsibility:

  1. Security Implications: Loosening your CSP can expose your application to security vulnerabilities. Each modification that makes your policy more permissive increases potential attack surfaces.
  2. Functionality Risks: Be careful when editing your CSP as you can unintentionally affect your site functionality. Changes may prevent scripts, images, styles, or other resources from loading properly, causing parts of your website to break or behave unexpectedly.
  3. Compliance Concerns: For regulated industries, modifying security policies might impact your compliance status with standards like PCI DSS, HIPAA, or GDPR.

Best Practices for CSP Modifications

When modifying your CSP in Kodaris:

  • Test thoroughly: Always test CSP changes in your test environment first or during non-business hours.
  • Make incremental changes: Modify one directive at a time and verify functionality.
  • Document all changes: Keep a record of what was changed, when, and why.
  • Review regularly: Security requirements evolve; regularly review your CSP to ensure it remains appropriate.
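The warnings above about permissive directives and the advice to change one directive at a time and verify suggest a quick pre-deployment check. The following is an added example, not Kodaris code or part of its admin interface: a small linter that parses a CSP header value and reports sources that widen script execution. The policy strings are constructed samples, and the risk rules are assumptions drawn from common CSP hardening guidance, not from this page.

```python
"""Lint a Content-Security-Policy header value for overly permissive sources.

Added example, not part of the Kodaris product or documentation. The sample
policies are constructed; the risk rules are assumptions based on common CSP
hardening advice and do not replace testing in a staging environment.
"""

# Source expressions that let arbitrary or inline code run when placed in a
# script-capable directive (assumption: a typical hardening baseline).
RISKY_SOURCES = {"'unsafe-inline'", "'unsafe-eval'", "*", "data:", "http:", "https:"}
# Directives whose sources control script execution or plugin embedding.
SCRIPT_LIKE = ("default-src", "script-src", "object-src")


def parse_csp(header: str) -> dict[str, list[str]]:
    """Split a header value into {directive: [source, ...]} (names lower-cased)."""
    policy: dict[str, list[str]] = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def lint_csp(header: str) -> list[str]:
    """Return findings for settings that enlarge the attack surface; [] if clean."""
    policy = parse_csp(header)
    findings: list[str] = []
    if "default-src" not in policy:
        findings.append("no default-src fallback; unlisted resource types are unrestricted")
    for directive in SCRIPT_LIKE:
        for src in policy.get(directive, []):
            if src in RISKY_SOURCES:
                findings.append(f"{directive} allows {src}")
    # object-src inherits default-src when absent, so plugins may load unless it is 'none'.
    if "object-src" not in policy:
        findings.append("object-src not set; plugins fall back to default-src")
    return findings


# Constructed samples: a loosened policy (e.g. after adding a third-party script
# with inline handlers) beside a tightened version of the same integration.
LOOSENED_POLICY = (
    "default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.example.com *; "
    "img-src 'self' data:"
)
HARDENED_POLICY = (
    "default-src 'self'; script-src 'self' https://cdn.example.com; "
    "object-src 'none'; img-src 'self' data:"
)

if __name__ == "__main__":
    for name, policy in (("loosened", LOOSENED_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, lint_csp(policy) or "no findings")
```

Run it against the header value you are about to deploy; an empty result means none of these rules fired, not that the policy is complete.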

How to Modify Your CSP

Please refer to the following video on how to modify your CSP:

https://youtu.be/mLIRtMVNl98?feature=shared&t=109