I understand the benefits of using CSP, but is it a waste to send those headers for anything other than HTML files? Do I need to send CSP headers on an image, for example? For a .js file?
The Content-Security-Policy header only makes sense on HTML pages.
A security header that would make sense for an image or other resource would be Access-Control-Allow-Origin. But that is restrictive by default, so you don't need to do anything with that.
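One way to apply the answer above, as an added example that is not part of the original question or answer: a Python WSGI middleware that attaches Content-Security-Policy only to HTML document responses. The policy string, the names `CSPForDocuments`, `media_type` and `response_headers`, and the sample app are assumptions made for illustration.

```python
# Added example: send Content-Security-Policy only with HTML documents.

# Assumed policy value, for illustration only.
DEFAULT_POLICY = "default-src 'self'"

# Media types treated as documents here (an assumption of this example).
DOCUMENT_TYPES = {"text/html", "application/xhtml+xml"}


def media_type(content_type):
    """Return the bare, lower-cased media type from a Content-Type value."""
    return content_type.split(";", 1)[0].strip().lower()


class CSPForDocuments:
    """WSGI middleware: add CSP when the response is a document type."""

    def __init__(self, app, policy=DEFAULT_POLICY):
        self.app = app
        self.policy = policy

    def __call__(self, environ, start_response):
        def patched_start(status, headers, exc_info=None):
            ctype = next((v for k, v in headers if k.lower() == "content-type"), "")
            # Do not override a policy the application already set.
            has_csp = any(k.lower() == "content-security-policy" for k, _ in headers)
            if media_type(ctype) in DOCUMENT_TYPES and not has_csp:
                headers = list(headers) + [("Content-Security-Policy", self.policy)]
            return start_response(status, headers, exc_info)
        return self.app(environ, patched_start)


def demo_app(environ, start_response):
    """Constructed sample app: serves one HTML page, one PNG, one JS file."""
    routes = {
        "/": ("text/html; charset=UTF-8", b"<!doctype html><title>x</title>"),
        "/logo.png": ("image/png", b"\x89PNG"),
        "/app.js": ("application/javascript", b"console.log(1)"),
    }
    ctype, body = routes.get(environ.get("PATH_INFO", "/"), ("text/plain", b"not found"))
    start_response("200 OK", [("Content-Type", ctype)])
    return [body]


def response_headers(app, path):
    """Call a WSGI app for `path` and return its response headers as a dict."""
    captured = {}
    def start_response(status, headers, exc_info=None):
        captured.update({k.lower(): v for k, v in headers})
    list(app({"PATH_INFO": path, "REQUEST_METHOD": "GET"}, start_response))
    return captured
```

Wrapping an application as `CSPForDocuments(demo_app)` leaves image and script responses unchanged, so the header is checked by comparing `response_headers` for each path.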