
Secured Website Part 1 – Content Security Policy Setup (CSP)


 

When securing a website, there are multiple steps and factors to consider. One of these steps, and the subject of this article, is setting up a Content Security Policy (CSP). CSP is a computer security standard whose purpose is to prevent attackers from polluting a website with malicious resources. It enables a webmaster to whitelist (on the server side via .htaccess) the trusted resources that make up the website he controls. In other words, CSP is like a website firewall that can be configured to allow only resources from specific hosts to be loaded into the website.

For part 2, see Secured Website – Content Delivery Networks (CDN).

Setting up a good Content Security Policy can prove challenging for a website that uses many outside resources, such as content delivery networks for JavaScript, embedded videos and externally hosted images.

As seen in the CSP section of the perfect .htaccess setup article, there are numerous resources on building and testing the Policy. After browsing those examples, and then some, we reached our conclusion: information on CSP is not consistent, because browsers do not all parse the contents of the Policy in the same way. In other words, browsers don't all support the same features of CSP, and some can ignore parts of the Policy or break if they can't interpret its contents.

Though the information on formatting wildcards is not 100% accurate, we do recommend Scott Helme's tools for creating a CSP and checking it.
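As an added example (not from the original article and not part of Scott Helme's tools), the Python linter below parses a policy string and flags source entries that a browser will not interpret as intended: unquoted keywords, wildcards outside the leftmost host label, and duplicate directives. It also flags entries that defeat the whitelist. The function names and the sample policy with its example.* hosts are constructed for illustration.

```python
import re

# Keywords that only take effect when written in single quotes.
KEYWORDS = {"self", "none", "unsafe-inline", "unsafe-eval", "strict-dynamic"}
# host-source grammar: optional scheme, host where '*' may only stand alone
# or be the leftmost label, optional port (digits or '*'), optional path.
HOST_SOURCE = re.compile(
    r"^(?:[a-z][a-z0-9+.-]*://)?"
    r"(?:\*|(?:\*\.)?[a-z0-9-]+(?:\.[a-z0-9-]+)*)"
    r"(?::(?:\d+|\*))?(?:/\S*)?$", re.I)
SCHEME_SOURCE = re.compile(r"^[a-z][a-z0-9+.-]*:$", re.I)   # e.g. https:
QUOTED = re.compile(r"^'[^']+'$")          # 'self', 'nonce-...', 'sha256-...'

def parse_policy(policy):
    """Return ({directive: [sources]}, [duplicate names]); first occurrence wins."""
    directives, duplicates = {}, []
    for part in policy.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        name = tokens[0].lower()
        if name in directives:
            duplicates.append(name)      # browsers ignore the repeat
        else:
            directives[name] = tokens[1:]
    return directives, duplicates

def lint_policy(policy):
    """Return (directive, source, problem) tuples for a policy string."""
    directives, duplicates = parse_policy(policy)
    findings = [(name, "", "duplicate directive is ignored") for name in duplicates]
    for name, sources in directives.items():
        if "-src" not in name:           # simplification: only *-src directives
            continue
        for src in sources:
            if src.lower() in KEYWORDS:  # unquoted: parsed as a host name instead
                findings.append((name, src, "keyword needs single quotes"))
            elif QUOTED.match(src):
                continue
            elif src == "*" or SCHEME_SOURCE.match(src):
                findings.append((name, src, "not restricted to specific hosts"))
            elif not HOST_SOURCE.match(src):
                findings.append((name, src, "not a valid host source"))
    return findings

# Constructed sample policy; all hosts are placeholders.
SAMPLE = ("default-src self; script-src 'self' https://cdn.example.com "
          "cdn.*.example.net; img-src *; frame-src https://video.example.org; "
          "img-src 'self'")
```

Running `lint_policy(SAMPLE)` reports the repeated `img-src`, the unquoted `self`, the misplaced wildcard in `cdn.*.example.net`, and the bare `*`.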

 

 
