Is this CSP implementation secure?
I face a CSP header something like this –
default-src https:; font-src https: data:; img-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline';
So is this a secure implementation?
This include…
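One way to check a policy like the one quoted above, as an added example that is not part of the original post: a small auditor that parses the header and lists the settings that weaken it. The function names `parseCsp` and `auditCsp` and the checklist itself are this example's own and are not an exhaustive CSP evaluator.

```javascript
// Added example: audit a Content-Security-Policy string for settings that
// weaken its protection against script injection (constructed checklist).

// Policy from the question, with the straight quotes CSP syntax requires.
const POLICY = "default-src https:; font-src https: data:; img-src https: data:; " +
  "script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline';";

// Split a policy into a Map of directive name -> array of source expressions.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers; the first one wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Return a list of {directive, issue} findings for the policy.
function auditCsp(policy) {
  const d = parseCsp(policy);
  const findings = [];
  const add = (directive, issue) => findings.push({ directive, issue });
  // script-src falls back to default-src when it is absent.
  const scriptName = d.has("script-src") ? "script-src" : "default-src";
  const script = (d.get(scriptName) || []).map((s) => s.toLowerCase());
  // Browsers ignore 'unsafe-inline' when a nonce or hash source is present.
  const hasNonceOrHash = script.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  if (script.includes("'unsafe-inline'") && !hasNonceOrHash)
    add(scriptName, "'unsafe-inline' allows inline scripts and event handlers");
  if (script.includes("'unsafe-eval'"))
    add(scriptName, "'unsafe-eval' allows eval() and similar string-to-code calls");
  if (script.some((s) => /^(https?:|\*)$/.test(s)))
    add(scriptName, "scheme or wildcard source allows scripts from any host");
  // These directives do not fall back to default-src and must be set explicitly.
  for (const name of ["base-uri", "form-action", "frame-ancestors"])
    if (!d.has(name)) add(name, "not set, and default-src does not cover it");
  const obj = d.get("object-src") || d.get("default-src") || [];
  if (!(obj.length === 1 && obj[0].toLowerCase() === "'none'"))
    add("object-src", "plugin content is not disabled with 'none'");
  return findings;
}

for (const f of auditCsp(POLICY)) console.log(`${f.directive}: ${f.issue}`);
```
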