Feature release: standard CSP and Permissions Policy headers

At Plate, we strive to keep your websites not only easy to manage but also extremely secure. Today, we are announcing two important security updates: the Content Security Policy Header and the Permissions Policy Header. These new features significantly enhance the security of the websites within your organization. Due to the potential impact on the front-end code, these updates need to be activated per site. This article explains exactly what you need to do.

What is the Content Security Policy Header (CSP)?

The Content Security Policy (CSP) is a policy that helps prevent various types of attacks, such as cross-site scripting (XSS) and data injections. CSP works as an additional layer of protection by specifying which sources the browser is allowed to load on your website. This means you can precisely control which scripts, styles, and other resources are permitted to execute.

Benefits of CSP:

• Protection against XSS attacks: CSP prevents unauthorized scripts from being executed, helping to protect sensitive data.
• Reduction of phishing risks: By specifying which domains are allowed to load content, the risk of phishing is significantly reduced.
• Better control over external resources: You can specify which external sources are safe to load, reducing the chance of loading malicious content.

On every website on the Plate platform, you will find the option to configure CSP headers in the technical settings on the dashboard (see screenshot below). By default, this is turned off, allowing you to configure it per site. Be mindful of all potential external content such as images, scripts, and stylesheets that are loaded on your website. If you configure the CSP headers too strictly, some of these elements may not be loaded. This is a link to the technical CSP configuration implementation for front-end developers. 

What is the Permissions Policy Header?

The Permissions Policy Header (formerly known as Feature Policy) allows you to manage which browser features and APIs are available on your website. This is a crucial step in reducing vulnerabilities and improving the privacy and security of your website visitors.

Benefits of Permissions Policy:

• Increased privacy: By imposing restrictions on functionalities such as camera, microphone, and location, you protect the privacy of your website visitors.
• Enhanced security: By limiting access to certain APIs, you reduce the risk of malicious actors exploiting these features.
• Performance optimization: By restricting unnecessary functionalities, you can improve the performance of your website.

This is the link to the Permissions Policy configuration documentation for front-end development.

Both developments ensure that all customers using Plate benefit from our strong emphasis on website security. Want to check how secure your website is? Take the free test at www.internet.nl.

Want to learn more about what Plate does regarding web security? Contact us.