For a stricter CSP policy, which value would you set for default-src to ensure that only specific sources are allowed?

  • 'none'
  • 'self'
  • 'strict-dynamic'
  • 'unsafe-inline'
In a strict CSP, you would set 'default-src' to 'none' so that no resources are allowed by default. To allow only specific sources, you would then list those sources individually in other CSP directives, such as 'script-src' and 'style-src'.