Overview
Customers who want to protect their sites and users from web browser attacks can include a special HTTP header designed to instruct the browser how to best render and request resources such as images, styles, and JavaScript.
How is CSP Used?
CSP uses the HTTP header Content-Security-Policy with a string containing directives that control the rendering and requesting of resources. This HTTP header can be sent using server-side code (PHP, Java, C#), or with a <meta> tag in the HTML.
Example: <meta http-equiv="Content-Security-Policy" content="default-src 'self'; style-src 'self' 'unsafe-inline'; script-src https://ajax.googleapis.com">
How is CSP Used with Kount?
While the combinations of CSP directives a customer might use on their site are dizzying and depend on the unique way their pages are built, a few special directives will be required to ensure that Kount's device fingerprinting works correctly.
<meta http-equiv="Content-Security-Policy" content="img-src https://*.kaptcha.com; child-src https://*.kaptcha.com">
- img-src https://*.kaptcha.com - Informs the browser that images can be loaded from https://*.kaptcha.com. This is to ensure our logo.gif is loaded.
- child-src https://*.kaptcha.com - Informs the browser that child documents (iframes) can be loaded from https://*.kaptcha.com. This ensures the iframe that does all the work gets loaded.
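The two directives usually have to be merged into a policy the site already sends. The following is an added example, not Kount's code: the function names (parseCsp, allowSource, addKountSources) are hypothetical, and it goes beyond the article by handling the default-src fallback and an existing frame-src directive, which takes precedence over child-src for iframes.

```javascript
// Added example (hypothetical helpers): merge the Kount source into a policy.
const KOUNT_SOURCE = "https://*.kaptcha.com"; // source expression from the article

// Parse "name src1 src2; name2 src3" into a Map of directive -> source list.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Browsers ignore a repeated directive, so keep the first one only.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Add `source` to directive `name`. An absent directive falls back to
// default-src in the browser, so a newly created directive is seeded with
// the default-src sources to avoid narrowing what the page already allowed.
function allowSource(directives, name, source) {
  let sources = directives.get(name);
  if (sources === undefined) {
    if (!directives.has("default-src")) return; // this resource type is unrestricted
    sources = [...directives.get("default-src")];
  }
  // 'none' must stand alone, so drop it once a real source is listed.
  sources = sources.filter((s) => s.toLowerCase() !== "'none'");
  if (!sources.includes(source)) sources.push(source);
  directives.set(name, sources);
}

// Return the policy with the Kount image and iframe sources allowed.
function addKountSources(policy) {
  const directives = parseCsp(policy);
  allowSource(directives, "img-src", KOUNT_SOURCE);
  // When frame-src is present it governs iframes instead of child-src.
  if (directives.has("frame-src")) {
    allowSource(directives, "frame-src", KOUNT_SOURCE);
  }
  allowSource(directives, "child-src", KOUNT_SOURCE);
  return [...directives]
    .map(([name, sources]) => [name, ...sources].join(" "))
    .join("; ");
}
```

child-src also governs workers when worker-src is absent, so check worker loading after adding it to a policy that did not have it.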