Let’s examine adding a CSP header on NGINX in more detail. We at Bobcares can take care of your NGINX problems with our Server Management Services.
Add CSP Header On NGINX
The Content-Security-Policy header is an upgraded version of the X-XSS-Protection header that adds another layer of security. It lets us control how the browser loads resources such as JavaScript, CSS, and pretty much anything else.
Although it is most commonly used as an HTTP response header, it can also be used in a meta tag. The term CSP stands for Content Security Policy. It is an extremely potent header that guards against data injection as well as XSS attacks.
CSP instructs the browser to load only the content the website has authorized. Currently, all popular browsers provide full or limited support for Content Security Policy. We can also implement CSP in Nginx.
How To Add CSP Header On NGINX?
In this article, we will see a simple process to add CSP in Nginx. The steps of the process include:
1. Firstly, include the following entry in the nginx server {} block.
add_header Content-Security-Policy "default-src 'self';";
2. Then save it and restart Nginx to implement the changes.
Let’s see what each component of the above code represents:
add_header: The nginx directive that adds the CSP header.
Content-Security-Policy: The name of the header we want to set. Here, it is Content-Security-Policy.
"default-src 'self';": The value of the header.
";": The semicolon after the closing quote ends the directive. All nginx configuration directives end with a semicolon.
We can also add “always” at the end of the directive to make sure nginx sends the header regardless of the response code. Then the nginx config will look like this:
add_header Content-Security-Policy "default-src 'self';" always;
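To confirm that the header reaches the browser on error pages as well as normal ones, the following added example (not part of the original article) parses response heads captured with curl -sI and reports which responses carry no CSP. The sample heads, paths and function names are constructed for illustration; they show a server whose add_header line lacks "always", so the 404 response has no policy.

```python
# Constructed sample: heads as `curl -sI` prints them when add_header lacks "always".
SAMPLE_HEADS = {
    "/": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
         "Content-Security-Policy: default-src 'self';\r\n\r\n",
    "/missing": "HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n\r\n",
}


def parse_head(raw):
    """Return (status_code, {lowercased header name: [values]})."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers


def parse_csp(value):
    """Split one policy into {directive: [sources]}."""
    policy = {}
    for segment in value.split(";"):
        tokens = segment.split()
        # Skip empty segments (trailing ";"); a repeated directive is ignored.
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def audit(heads):
    """Return {path: (status, [parsed policies])}; an empty list means no CSP."""
    report = {}
    for path, raw in heads.items():
        status, headers = parse_head(raw)
        values = headers.get("content-security-policy", [])
        report[path] = (status, [parse_csp(v) for v in values])
    return report


def missing_csp(heads):
    """Paths whose response carried no Content-Security-Policy header."""
    return [p for p, (_, policies) in audit(heads).items() if not policies]


if __name__ == "__main__":
    for path, (status, policies) in audit(SAMPLE_HEADS).items():
        print(path, status, policies or "NO CSP HEADER")
```

After adding "always" and restarting Nginx, capturing the same two responses again should leave the list returned by missing_csp empty.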
Conclusion
In this article, we provide a simple solution from our Support team to add a CSP header in NGINX.