Content Security Policy

Does your website have a security policy? A tool like webpagetest.org can help you figure out your security score. Typically, if you don’t have a content security policy, your score will fail. Passing the test is one thing, but actually making your site more secure can be confusing, inconvenient, and not always easy to do.

Depending on how strict you want to be, you really can “Lock Down” your website.

One thing to consider: Dev.Land now offers a “CSP” (Content Security Policy) setting that ranges from Loose up to Locked Down. Our Loose mode will pass tests, but if you want to take advantage of the CSP you will need to consider disabling iframes and object code; both of those are a bit ancient. Iframes used to be the only way to embed another page and were widely used. However, they did lead to some sites being requested for bad things, which is why they are, in general, being banned in most use cases.

As for object code, I might date myself, but the last use I know of was embedding Flash .swf files. Some unique Java applets were also configured with object code, which again I think is a really old thing. So in most cases, if you are logging uses with iframe analytics code, you might want to review your vendors.

As for Dev.Land’s Locked Down mode, it really is locked down. This might not work with most WordPress sites, as you will need to avoid iframes, objects, inline CSS, and inline JavaScript code. The entire WordPress block system is written to be inline, so that won’t work. I’m trying to come up with a way to solve this for a really locked down site that still works. Anyway, you can simply try out Dev.Land today and see how strict your site can be. I also found a tool by Google to check your CSP; this one is unique and can show the changes in the CSP type.
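
To see how a given header measures up against the four Locked Down restrictions described above (no iframes, no objects, no inline CSS, no inline JavaScript), here is an added example that is not Dev.Land's own code. The function names and the two sample policies are assumptions constructed for illustration; they are not the policies Dev.Land ships.

```javascript
// Directive fallback chains from the CSP spec: a missing directive inherits
// from the next one in the chain; if none is set, nothing is restricted.
const FALLBACK = {
  'script-src': ['script-src', 'default-src'],
  'style-src': ['style-src', 'default-src'],
  'object-src': ['object-src', 'default-src'],
  'frame-src': ['frame-src', 'child-src', 'default-src'],
};

// Parse a Content-Security-Policy header value into directive -> source list.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (!name) continue;
    const key = name.toLowerCase();
    // Browsers honour only the first occurrence of a repeated directive.
    if (!policy.has(key)) policy.set(key, sources.map(s => s.toLowerCase()));
  }
  return policy;
}

function effective(policy, directive) {
  for (const name of FALLBACK[directive]) {
    if (policy.has(name)) return policy.get(name);
  }
  return null; // no directive applies: the browser allows everything
}

// Report which of the four restrictions the policy enforces.
// Simplification: nonce/hash sources and the -elem/-attr directives are not modelled.
function auditLockedDown(header) {
  const policy = parseCsp(header);
  const isNone = d => {
    const src = effective(policy, d);
    return src !== null && (src.length === 0 || (src.length === 1 && src[0] === "'none'"));
  };
  const noInline = d => {
    const src = effective(policy, d);
    return src !== null && !src.includes("'unsafe-inline'");
  };
  return {
    iframesBlocked: isNone('frame-src'),
    objectsBlocked: isNone('object-src'),
    inlineScriptBlocked: noInline('script-src'),
    inlineStyleBlocked: noInline('style-src'),
  };
}

// Constructed sample policies (hypothetical "loose" and "locked down" styles).
const LOOSE = "default-src * 'unsafe-inline' 'unsafe-eval' data: blob:";
const LOCKED = "default-src 'self'; object-src 'none'; frame-src 'none'; base-uri 'self'";
console.log(auditLockedDown(LOOSE), auditLockedDown(LOCKED));
```

A policy like the loose sample gives a scanner a header to find while reporting `false` for all four checks, which is the gap between passing the test and being locked down.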