Content Security Policy (CSP) is a computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks, as defined by this wikipedia article.
There are multiple ways to achieve this, the steps below use "nonce" keyword to target the script block.
- Make sure the server response header contains the following:
Content-Security-Policy: script-src 'self' cdn.split.io 'nonce-swfT4W3546RtDw4';
<script nonce="swfT4W3546RtDw4"> ... </script>
The nonce key is any random characters generated, just make sure the response and script tags keys are matched.
Please sign in to leave a comment.