Content Security Policy

Checks for Content-Security-Policy header


Rule ID	`security/csp`
Category	Security
Scope	Per-page
Severity	info
Weight	4/10

Solution

CSP prevents XSS attacks by restricting which resources can load. Start with a report-only policy to identify issues. Key directives: default-src ‘self’, script-src (avoid ‘unsafe-inline’), img-src, style-src, frame-ancestors. Use nonces or hashes instead of ‘unsafe-inline’ for scripts. Test thoroughly as strict CSP can break functionality.

Enable / Disable

Disable this rule

squirrel.toml

[rules]
disable = ["security/csp"]

Disable all Security rules

squirrel.toml

[rules]
disable = ["security/*"]

Enable only this rule

squirrel.toml

[rules]
enable = ["security/csp"]
disable = ["*"]

Getting Started

CLI

Concepts

CLI Reference

Rules Reference

Content Security Policy

Solution

Enable / Disable

Disable this rule

Disable all Security rules

Enable only this rule

Getting Started

CLI

Concepts

CLI Reference

Rules Reference

​Solution

​Enable / Disable

​Disable this rule

​Disable all Security rules

​Enable only this rule

Solution

Enable / Disable

Disable this rule

Disable all Security rules

Enable only this rule