I've been using Ghost as my blogging platform for quite some time and I've also been using Cloudflare for a good while too. Recently these companies came together and Ghost(Pro) started using Cloudflare by default. Whilst this is probably a great thing for most, it left me wihout control…
Tag: JS
Total 3 Posts
The most common way to set a Content Security Policy on your site is to deliver it as a HTTP response header, but that's not always possible. On hosted platforms like GitHub Pages, Ghost Pro or WordPress it's not always easy or even possible to set a HTTP response header.…
Content Security Policy is delivered via a HTTP response header, much like HSTS, and defines approved sources of content that the browser may load. It can be an effective countermeasure to Cross Site Scripting (XSS) attacks and is also widely supported and usually easily deployed. Why do we need CSP?…
