1. 17
  1.  

  2. 2

    Thanks for posting this. This is immediately useful to me.

    Correctly implementing a CSP is surprisingly tricky, though if you take the time to do it you’ll likely be most of the way to an A+ grade on Mozilla Observatory. Even though this doesn’t really count as a comprehensive security measure, it does inhibit a whole class of attack vectors, and it goes a long way to put your business in a favourable light when your Observatory grade is presented to investors and clients.

    Speaking from experience.