Content Security Policy (CSP) is a computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from the execution of malicious content in the browser. CSP provides a standard method for website owners to declare approved origins of content that browsers should be allowed to load on that website.
As an example, if your CSP were set up to allow content only from your own website and you tried to embed a YouTube video, the browser would not display the video on your website.
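The YouTube case above, worked through as an added example (this is not Juniper's code and not a browser's full CSP implementation): it checks whether a policy permits loading a given URL. The site `school.example`, the `VIDEO_ID` placeholder and all function names are constructed for illustration.

```javascript
// Simplified model of CSP source-list matching for one resource load.
// Assumptions: only 'self', '*', scheme and host sources are handled; ports, paths,
// nonces/hashes and http-to-https upgrade matching are left out.

// Frames fall back through child-src to default-src; other types go straight to default-src.
const FALLBACKS = { 'frame-src': ['frame-src', 'child-src', 'default-src'] };

function parsePolicy(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored: the first occurrence wins.
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

function sourceMatches(source, url, page) {
  if (source === '*') return url.protocol === 'http:' || url.protocol === 'https:';
  if (source.toLowerCase() === "'self'") return url.origin === page.origin;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^\/:]+)/i.exec(source);
  if (!m) return false;
  const [, scheme, wildcard, host] = m;
  // A host source without a scheme is matched against the page's own scheme here.
  const wantProtocol = scheme ? scheme.toLowerCase() + ':' : page.protocol;
  if (url.protocol !== wantProtocol) return false;
  const have = url.hostname.toLowerCase();
  const want = host.toLowerCase();
  // "*.example.com" matches subdomains only, never the bare domain.
  return wildcard ? have.endsWith('.' + want) : have === want;
}

function isAllowed(header, directive, resourceUrl, pageUrl) {
  const policy = parsePolicy(header);
  const chain = FALLBACKS[directive] || [directive, 'default-src'];
  const governing = chain.find((d) => policy.has(d));
  if (!governing) return true; // nothing in the policy restricts this resource type
  const page = new URL(pageUrl);
  const url = new URL(resourceUrl, page);
  return policy.get(governing).some((s) => sourceMatches(s, url, page));
}

// Constructed sample: a site on school.example embedding a YouTube video.
const PAGE = 'https://school.example/news';
const EMBED = 'https://www.youtube.com/embed/VIDEO_ID';
console.log(isAllowed("default-src 'self'", 'frame-src', EMBED, PAGE));
console.log(isAllowed("default-src 'self'; frame-src https://www.youtube.com", 'frame-src', EMBED, PAGE));
```

The first policy blocks the embed because `frame-src` is absent and the load falls back to `default-src 'self'`; the second allows it by listing the YouTube origin explicitly for frames.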
Why does my website not have a CSP?
Juniper websites do not currently apply a Content Security Policy across the board, because doing so would remove some of the freedoms you currently have when adding content to your website. Instead, we have taken extensive measures to protect you and your website visitors from the kinds of attacks that a CSP protects against. These include:
- Security-focused development.
- Annual Independent Penetration Tests against the content management system to ensure there are no vulnerabilities.
- Weekly scanning of the content management system using a tool called Detectify, which checks for known vulnerabilities.