# Content Security Policy



## Concepts

A [Content-Security-Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) is an HTTP response header that tells the browser which sources it may load each type of resource from (scripts, styles, images, fonts, frames, ...) and whether inline script is permitted. It helps mitigate certain classes of attack, including Cross-Site Scripting (XSS) and data injection, because the browser refuses to load or run content from anywhere the policy does not list.

The Agilicus Web Application Firewall allows setting and editing this header for an application. You can see it on the 'Define' tab of the application. Three presets may be applied:

- clear -- remove (unset) the Content-Security-Policy header
- strict angular defaults -- a set of defaults suitable for an Angular application compiled with AOT and served with subresource integrity
- lax angularjs defaults -- a set of defaults suitable for an older AngularJS application; this preset includes 'unsafe-inline', which lets injected inline script run and so weakens the protection against XSS

After applying one of these presets you may then edit the individual directives (resource types).

In addition to the check-box settings, a list of allowed 'hosts' (source expressions) may be configured for each directive. This can include 'data:', '*', 'https:', 'https://example.com', etc. Broad entries such as '*' or 'https:' allow content from any origin using that scheme, so use them only where a narrower host cannot be named. For more information see [Content Security Policy (CSP)](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) in the Mozilla Web Docs.
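To make the effect of the presets and host entries concrete, the following is an added example (not Agilicus code and not the exact presets the firewall applies): a small evaluator that parses a Content-Security-Policy header and reports whether a given load, or an inline script, would be permitted. The two header strings, the page origin `https://app.example.com`, and the hosts in the checks are constructed for illustration.

```javascript
// Added example (not Agilicus code): parse a Content-Security-Policy header and
// decide whether a given load would be permitted by it. Both header strings are
// constructed for illustration, not the firewall's actual presets.

// Constructed "strict" policy: nothing is allowed unless a directive says so,
// scripts only from the page's own origin, no inline script.
const STRICT_CSP =
  "default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self' data:; " +
  "font-src 'self'; connect-src 'self' https://api.example.com; frame-ancestors 'none'";

// Constructed "lax" policy of the kind an older AngularJS app needs: 'unsafe-inline'
// lets injected inline script run, and the scheme source https: allows any HTTPS host.
const LAX_CSP =
  "default-src 'self'; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline'";

// Fetch directives fall back to default-src when they are not listed.
const FETCH_DIRECTIVES = new Set([
  "script-src", "style-src", "img-src", "font-src", "connect-src", "frame-src", "media-src", "object-src",
]);
const NETWORK_SCHEMES = new Set(["http:", "https:", "ws:", "wss:"]);
const DEFAULT_PORT = { "http:": "80", "https:": "443", "ws:": "80", "wss:": "443" };

// Split "name src src; name src" into a Map of directive -> source list.
// Per the spec a repeated directive is ignored: the first occurrence wins.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

// Sources governing a directive, or null when neither it nor default-src applies (no restriction).
function sourcesFor(policy, directive) {
  if (policy.has(directive)) return policy.get(directive);
  if (FETCH_DIRECTIVES.has(directive) && policy.has("default-src")) return policy.get("default-src");
  return null;
}

function hostMatches(pattern, host) {
  if (pattern === "*") return true;
  if (!pattern.startsWith("*.")) return pattern === host;
  const suffix = pattern.slice(1);                           // "*.example.com" -> ".example.com"
  return host.endsWith(suffix) && host.length > suffix.length;
}

// Does one source expression match the URL being loaded from a page at pageOrigin?
// The path part of a host source is ignored here (a simplification of the spec).
function sourceMatches(src, url, pageOrigin) {
  const s = src.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return url.origin === pageOrigin;
  if (s.startsWith("'")) return false;                       // 'unsafe-inline', nonces, hashes never match a URL
  if (s === "*") return NETWORK_SCHEMES.has(url.protocol);   // '*' never matches data: or blob:
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s; // scheme source: https:, data:, ...
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)(?::(\d+|\*))?(?:\/.*)?$/.exec(s);
  if (!m) return false;
  const [, scheme, hostPattern, port] = m;
  if (scheme) {
    if (url.protocol !== scheme + ":") return false;
  } else if (url.protocol !== new URL(pageOrigin).protocol && url.protocol !== "https:") {
    return false;                                            // scheme-less host: page's scheme, or https
  }
  if (!hostMatches(hostPattern, url.hostname)) return false;
  const urlPort = url.port || DEFAULT_PORT[url.protocol] || "";
  if (port === "*") return true;
  if (port) return port === urlPort;
  return urlPort === (DEFAULT_PORT[url.protocol] || "");    // no port given: default port only
}

// Would the browser load `resource` for `directive` on a page at `pageOrigin`?
function isAllowed(policy, directive, resource, pageOrigin) {
  const sources = sourcesFor(policy, directive);
  if (sources === null) return true;
  const url = new URL(resource);
  return sources.some((src) => sourceMatches(src, url, pageOrigin));
}

// Would an inline <script> (or style) carrying no nonce or hash be permitted?
// In CSP Level 3, 'unsafe-inline' is ignored once a nonce or hash source is present.
function allowsInline(policy, directive) {
  const sources = sourcesFor(policy, directive);
  if (sources === null) return true;
  const lower = sources.map((s) => s.toLowerCase());
  const hasNonceOrHash = lower.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  return !hasNonceOrHash && lower.includes("'unsafe-inline'");
}

// Walk-through: an injected inline script and a third-party script against each policy.
const PAGE = "https://app.example.com";                      // constructed page origin
for (const [label, header] of [["strict", STRICT_CSP], ["lax", LAX_CSP]]) {
  const p = parseCsp(header);
  console.log(label, "inline:", allowsInline(p, "script-src"),
    "third-party:", isAllowed(p, "script-src", "https://evil.example.net/x.js", PAGE));
}
```

Run with `node csp-check.js`: under the strict policy both the inline script and the third-party script are refused, while the lax policy permits both, the first because of 'unsafe-inline' and the second because a bare 'https:' host entry matches every HTTPS origin. The same functions can be pointed at the hosts you configure in the firewall to confirm that a directive admits only what you intend.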

https://www.youtube.com/watch?v=pKlN2tp4mvs 

## Additional Information

https://www.youtube.com/watch?v=zWx85Dl4Ioo 