I am whitelisting domains for CSP headers. Is there any recommendation for whitelisting a big list of domains, all belonging to the same company, e.g. google.de, google.fr, etc.?
If I understand correctly, *.mydomain.com means both subdomains of mydomain.com and also mydomain.com itself. For security itself, it doesn't make sense to allow any top level domain of google.<tld>, yet it would be very convenient to have a shorthand way to list all google.<tld> that I can find.
Is there a shorter / better alternative to maintaining a list of all possible google.*?
At least for now, a seemingly reliable list would be: https://www.google.com/supported_domains
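
An added example, not part of the original posts: CSP host sources accept a wildcard only as the leftmost label (`*.example.com`), so there is no `google.*` form and the list has to be expanded into explicit entries at build time. The sketch assumes the list linked above has one `.domain` entry per line; the sample data, function names and shape check are constructed for illustration.

```python
import re

# Constructed sample in the assumed format of the list (one ".domain" per line),
# with a few hostile or malformed lines added to exercise the filter.
SAMPLE = """\
.google.com
.google.de
.google.fr
.google.co.uk
.google.com.au
.evil-google.com
google.de.attacker.example
*.google.*

.GOOGLE.DE
"""

# Shape check only: google.<tld> or google.<sld>.<2-letter ccTLD>.
# It rejects look-alikes and wildcards; it is not a public-suffix lookup.
ALLOWED = re.compile(r"google\.(?:[a-z]{2,}|[a-z]{2,3}\.[a-z]{2})")


def parse_domains(text):
    """Return sorted, de-duplicated hostnames that pass the shape check."""
    hosts = set()
    for raw in text.splitlines():
        host = raw.strip().lower().lstrip(".")
        if host and ALLOWED.fullmatch(host):
            hosts.add(host)
    return sorted(hosts)


def build_directive(name, hosts, include_subdomains=True):
    """Build one CSP directive with an https-only source per host."""
    sources = []
    for host in hosts:
        sources.append(f"https://{host}")
        if include_subdomains:
            # Explicit wildcard entry for subdomains of this host.
            sources.append(f"https://*.{host}")
    return f"{name} " + " ".join(sources)


if __name__ == "__main__":
    print(build_directive("img-src", parse_domains(SAMPLE)))
```

The directive grows with every entry, so check the resulting header length against the limits of your server and any proxies in front of it, and regenerate it whenever the upstream list changes.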