How to Implement a Secure Content Security Policy (CSP) in Apache

Content Security Policy (CSP) is a crucial security feature that helps protect your web application from various types of attacks, including Cross-Site Scripting (XSS). Follow these steps to implement a secure CSP policy on your Apache web server.

Step 1: Open Apache Configuration

Connect to your server and open your Apache configuration file. This is typically located at /etc/apache2/apache2.conf or /etc/httpd/conf/httpd.conf.

sudo nano /etc/apache2/apache2.conf

Step 2: Add CSP Headers

Insert the following lines at the appropriate location in your Apache configuration file (typically inside the <VirtualHost> block for the site) to add a secure CSP policy. The Header directive is provided by mod_headers, so that module must be enabled (on Debian/Ubuntu: sudo a2enmod headers):

# Enable Content Security Policy (CSP)
Header always set Content-Security-Policy "default-src 'self';"

Never include unsafe source expressions such as 'unsafe-inline' or 'unsafe-eval' in the policy.

Adjust the directives to match the origins from which your site legitimately loads scripts, styles, images and other resources. For more information, please get in touch.

Step 3: Save and Restart Apache

Save your changes and restart Apache to apply the new configuration:

sudo systemctl restart apache2

Step 4: Verify CSP Implementation

Visit your website and check the browser console for any CSP-related warnings or errors. Adjust your CSP policy as needed to ensure that all necessary resources are allowed.

Additionally, check the Security Header Validation web page to verify the CSP is secure.
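As an added verification check (not code from the original article), the following Python script parses the Content-Security-Policy value your server returns and flags the weak source expressions the article tells you to avoid; the curl command in the comment shows how to obtain the live value, and the host name in it is a placeholder.

```python
# Added example, not from the original article: audit the CSP value Apache
# sends after the Header directive is in place. Fetch the live value with
#   curl -sI https://your-site.example/ | grep -i '^content-security-policy:'
# and pass the text after the colon to audit_csp().

# Directives where a weak source expression lets attacker-controlled code run.
CODE_DIRECTIVES = {"default-src", "script-src", "object-src", "base-uri"}
WEAK_KEYWORDS = {"'unsafe-inline'", "'unsafe-eval'"}
BROAD_SOURCES = {"*", "http:", "https:", "data:", "blob:"}
NONCE_OR_HASH = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(value):
    """Split a CSP header value into {directive: [source expressions]}.

    Directive names are case-insensitive and, per the spec, a repeated
    directive is ignored: only the first occurrence counts.
    """
    policy = {}
    for token in value.split(";"):
        parts = token.split()
        if parts and parts[0].lower() not in policy:
            policy[parts[0].lower()] = parts[1:]
    return policy


def audit_csp(value):
    """Return a list of findings; an empty list means no weakness was detected."""
    policy = parse_csp(value)
    findings = []
    if "default-src" not in policy:
        findings.append("no default-src: any directive you forgot to set allows everything")
    for name, sources in policy.items():
        lowered = [s.lower() for s in sources]
        has_nonce_or_hash = any(s.startswith(NONCE_OR_HASH) for s in lowered)
        for src in lowered:
            if src == "'unsafe-inline'" and has_nonce_or_hash:
                # CSP3 browsers ignore 'unsafe-inline' once a nonce or hash is
                # present; it then only acts as a fallback for old browsers.
                findings.append(f"{name}: 'unsafe-inline' present but ignored by modern browsers (nonce/hash set)")
            elif src in WEAK_KEYWORDS:
                findings.append(f"{name}: allows {src}")
            elif name in CODE_DIRECTIVES and src in BROAD_SOURCES:
                findings.append(f"{name}: broad source {src} permits code from arbitrary origins")
    return findings


if __name__ == "__main__":
    # Constructed sample: the article's policy versus a weakened one.
    for sample in ("default-src 'self';", "default-src 'self'; script-src 'self' 'unsafe-inline' *"):
        print(repr(sample), "->", audit_csp(sample) or "OK")
```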