Content-Security-Policy-Report-Only

Posted on February 11, 2018 at 6:01 pm

This is a quick post about Content-Security-Policy-Report-Only:

Content-Security-Policy-Report-Only: default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri /_csp

Taken from HTTP headers of https://vimeo.com

To implement it with Nginx, use add_header like this:

add_header Content-Security-Policy-Report-Only "default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri /_csp";
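
With the Report-Only header nothing is blocked; the browser only POSTs a JSON violation report to the report-uri (/_csp above). The following is an added example, not part of the original post or of any site's code, showing how such report bodies can be validated and aggregated. The 16 KiB limit, the aggregation key and the sample hosts are assumptions.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

MAX_BODY = 16 * 1024  # assumed size limit; violation reports are small

def blocked_source(value):
    """Reduce blocked-uri to scheme://host so paths and query strings are not kept."""
    try:
        parts = urlsplit(value)
    except ValueError:
        return "invalid"
    if parts.scheme and parts.hostname:
        return f"{parts.scheme}://{parts.hostname}"
    return value[:64]  # non-URL values such as "inline" or "eval", truncated

def parse_report(body):
    """Return (directive, blocked source) for one POSTed body, or None if malformed."""
    if len(body) > MAX_BODY:
        return None
    try:
        report = json.loads(body)["csp-report"]
        directive = report.get("effective-directive") or report.get("violated-directive")
        blocked = report.get("blocked-uri")
    except (ValueError, LookupError, TypeError, AttributeError):
        return None
    if not isinstance(directive, str) or not directive.strip() or not isinstance(blocked, str):
        return None
    return directive.split()[0], blocked_source(blocked)

def summarize(bodies):
    """Count violations per (directive, blocked source) and count rejected bodies."""
    keys = [parse_report(b) for b in bodies]
    counts = Counter(k for k in keys if k is not None)
    return counts, keys.count(None)

# Constructed sample bodies: loads the page's policy would report (http: and ws:).
SAMPLES = [
    b'{"csp-report": {"effective-directive": "img-src", "blocked-uri": "http://cdn.example.test/a.png?token=abc"}}',
    b'{"csp-report": {"effective-directive": "img-src", "blocked-uri": "http://cdn.example.test/b.png"}}',
    b'{"csp-report": {"violated-directive": "default-src https: data:", "blocked-uri": "ws://chat.example.test/socket"}}',
    b"not json",
]

if __name__ == "__main__":
    counts, rejected = summarize(SAMPLES)
    print(counts.most_common(), "rejected:", rejected)
```

The endpoint is unauthenticated and its input is attacker-controllable, so report fields should be treated as untrusted data when they are stored or displayed.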
