Content Security Policy (CSP)

What is a Content Security Policy?

A Content Security Policy (CSP) is an added layer of security that helps protect your website against cross-site scripting (XSS) attacks, data injection, and other types of code injection attacks. CSPs work by specifying which types of content can be loaded and executed on a website, and from which sources they can be loaded. This can help prevent malicious scripts from running on your website, as well as reduce the risk of data theft and other types of attacks.

How to Identify What Exception is Needed for a Custom Security Policy Exception

If you need to add a Custom Security Policy Exception, follow these steps to identify what exception is needed:

  1. Determine which specific resources or elements on your website are being blocked by the CSP. You may need to check the browser console or network tab for details on which resources are being blocked.
  2. Once you've identified the specific resources or elements that are being blocked, determine which type of exception is needed to allow those resources or elements to be loaded. For example, you may need to add an exception for a specific domain or subdomain, or you may need to allow a specific type of resource (such as scripts, images, or stylesheets).
  3. Once you've determined what type of exception is needed, navigate to the Custom Security Policy Exception form in your site Simply go to the Theme Options settings.
  4. In the Custom Security Policy Exception form, enter the specific details of the exception that you need to add. This may include the domain or subdomain that needs to be allowed, the specified resource type that needs to be allowed, and any other relevant information.
  5. Once you've entered the details of the exception, click the "Save Changes" button to save the exception to your site's CSP.
Last Updated:
Contributors: mhaswell-bcgov