Osano and Content Security Policies (CSPs)

Content Security Policies 

Content Security Policies are an added security layer that helps detect and mitigate certain types of attacks (ex. Cross-Site Scripting, data injection, etc.). Osano may be used with or without a CSP.

To enable CSP, you would need to configure your webserver to return the Content-Security-Policy HTTP header. 

Alternatively, the <meta> element could be used to configure a policy, for example: 

<meta http-equiv="Content-Security-Policy" content="default-src 'self'; child-src 'none';">

Implementing Osano with a CSP

If you are utilizing a CSP, certain allowances may need to be made to your CSP for Osano to run appropriately. 

Osano uses web workers for script and cookie blocking. Web workers must be allowed in order to execute appropriately. 

Necessary Attribute: blob: Allows blob: URIs to be used as a content source.

For example (this may differ from CSP to CSP):

<meta http-equiv="Content-Security-Policy" content="style-src 'unsafe-inline' http: https: 'self'; script-src blob: http: https: 'self';">

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.