Hashes and Nonces and Violations, Oh My! Everything you need to know about Content Security Policy (CSP)
13 Mar 2025, 1:20 am
30 mins
In this session, Michael will share insights and lessons learned from implementing a Content Security Policy (CSP) on a large government Drupal website. CSP is a critical tool for enhancing web security, but it comes with its own set of challenges—especially when it's added retrospectively to an existing site with extensive analytics and tracking requirements.
We'll start with the basics to get you up and running before delving into the intricacies of the most important directives. Of course, you'll face Drupal-isms, which are a challenge of their own to master, before we conquer the beast that is Google Tag Manager.
By the end of the presentation, attendees will have a solid understanding of what steps they can take to start building their own policy and the tools required to analyse its effectiveness before deployment to production.
We'll start with the basics to get you up and running before delving into the intricacies of the most important directives. Of course, you'll face Drupal-isms, which are a challenge of their own to master, before we conquer the beast that is Google Tag Manager.
By the end of the presentation, attendees will have a solid understanding of what steps they can take to start building their own policy and the tools required to analyse its effectiveness before deployment to production.
