Making Content Security Policies (CSPs) easy with Page Shield
Cloudflare has introduced new features to its Page Shield offering, aimed at enhancing the security of websites by mitigating risks associated with third-party JavaScript (JS). The upgrades include better policy suggestions and full support for all major Content Security Policy (CSP) directives.

Page Shield is designed to protect businesses against supply chain attacks, client-side data leaks, and malicious behavior from untrusted or compromised scripts. It provides a way to create and manage CSPs directly within the Cloudflare dashboard.

The new policy suggestions engine offers a more intuitive interface for building and deploying Page Shield policies, with full support for both the script-src (Scripts) and connect-src (Connections) directives. It also allows users to specify the scope of their CSPs by allowing them only on specific pages or sections of their websites.

All major CSP directives are now supported by Page Shield, although suggestions are currently limited to script-src and connect-src. The system can parse existing CSP policies pasted into the policy interface, making it easier for users to migrate from other systems or configurations. Improved violation reporting shows which directive is causing potential issues when a Page Shield policy is deployed. Domain insights have also been added, providing details such as WHOIS information and any categorizations available for a given domain.

To use the new features, users need to be on the Pro plan or higher with the Page Shield enterprise add-on enabled. Existing customers can access these updates in their dashboard immediately.

Source: https://blog.cloudflare.com/csp-directives-and-policy-suggestions/

Summary: Cloudflare's Page Shield offering has been upgraded with new features, including better policy suggestions and full support for all major Content Security Policy directives.

Company: Cloudflare
Date published: Sept. 15, 2023
Author(s): Michael Tremante
Word count: 1840
Hacker News points: None found.
Language: English