Enforcing the use of SRI

Subresource Integrity is an awesome security feature that allows us to ensure that assets served by a CDN haven't been tampered with. Now, thanks to a new directive in CSP, we can ensure that SRI is used across our site. SRI: In short, SRI allows us to embed the hash…

Micro-optimisation for fun!

I stumbled across what I assume is a performance optimisation being used by Twitter and wondered how much I could optimise my site using a similar principle. The changes would result in no difference to functionality but yield a slightly smaller payload for the page, meaning faster page load times!…

Fixing mixed content with CSP

As more and more sites are migrating to HTTPS, one of the biggest problems that will need solving is tracking down all of your HTTP resources to avoid mixed content warnings. Whilst this could sound like a daunting task, especially on sites with a large amount of content, CSP can…

Hardening the CSP on report-uri.io

It's pretty easy to get a basic CSP setup and issued on your site, but tightening up the policy can be tricky. To benefit from protection against XSS attacks you need to potentially disable inline script which could mean some pretty significant changes for your site. In this blog I'm…

