The Content Security Policy (CSP) is a security header that tells the browser what content it is allowed to load. It can be used to prevent attacks on website visitors such as Cross Site Scripting (XSS) and Clickjacking. The Content Security Policy uses the Same Origin Policy mechanism to ensure the browser only loads resources from trusted sources. With the Content Security Policy you can prevent browsers from loading scripts, images, css etc. from untrusted sources like third party sites or insecure connections. It can also limit certain functions in scripts, restrict where the browser can send the data from completed forms and prevent your site being loaded in an iframe.
The Content Security Policy can be difficult to setup and some functions cannot be applied to a WordPress site without breaking it. Setting a Content Security Policy should be done with careful testing in report-only mode first to determine potential issues. Really Simple SSL Pro has a unique learning mode that will detect the resources used by visitors of your website and subsequently lets you approve them to effortlessly construct a Content Security Policy without breaking your website.
In short:
- A correctly configured Content Security Policy can protect your visitors from the most common web attacks
- Configuring a Content Security Policy can be challenging and may break your site if not done correctly
- Really Simple SSL Pro’s unique learning mode can automate the setup of a Content Security Policy for your WordPress website
Check this article on how to setup a Content Security Policy with Really Simple SSL Pro.