Avoid Cross-Site Scripting (XSS) Attacks with Content-Security-Policy | BoldGrid

What is Cross Site Scripting?

One of the tenets of web security is the same-origin policy, which restricts how a document or script loaded from one origin can interact with resources from another origin. The same-origin policy isolates potentially malicious content and reduces the number of attack vectors available to compromise a site. Cross-Site Scripting (XSS) attacks get around this protection by injecting client-side script into a page the browser already trusts, so the attacker's code runs with the privileges of the vulnerable site's own origin. From there it can read the page's DOM and any cookies not marked HttpOnly, send requests that carry the victim's session, and exfiltrate sensitive information.

How does Content Security Policy stop XSS?

One way to mitigate XSS attacks is to set a Content Security Policy (CSP) for your website. A CSP is a set of rules, sent as an HTTP response header (or as a meta tag in the HTML), that tells the browser which sources it may load scripts from; a script from any source not on that allow-list is blocked. A CSP that restricts scripts also blocks inline scripts and eval() unless the policy is explicitly weakened with 'unsafe-inline' or 'unsafe-eval' (or the inline script carries a matching nonce or hash), and that is what makes it effective against injected code. CSPs are not limited to policing scripts: the same source rules can be applied to images, stylesheets, frames, fonts, or nearly any other resource a website needs to function. Keep in mind that CSP is a second line of defense: it limits what an injected script can do, but it does not remove the injection flaw itself, so output encoding and input validation are still required.
