How to correctly set Content-Security-Policy headers?
abhai
19 June 2023
Setting the Content-Security-Policy (CSP) header correctly is an essential step in enhancing the security of your web application. The CSP header allows you to define a policy that restricts the types of content that can be loaded by a web page, thereby mitigating risks such as cross-site scripting (XSS) and data injection attacks. Here's a general guide on how to correctly set CSP headers:
Tags
Drupal security best practices
abhai
2 November 2022
I was recently looking certain random things for all Drupal sites that I know to see what information I can get from these sites and I was surprised to see that many of them do not have the basic Drupal security recommendations done. For example, I could tell the exact Drupal, PHP and Nginx versions in many cases. Some of the sites were on Drupal versions that were vulnerable. So I decided to write a checklist that if followed exactly will take care of at least the recommended best practices.