I got on a kick of implementing security-related headers on Initial Charge this week. Most of these were fairly easy to add, simply copying and pasting some code from various tutorials into my .htaccess file and then testing. But Content Security Policy was a major pain. It essentially tells the browser what content is allowed to run on webpages and where it can load that content from.
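
To make that concrete, here is an added example (not from the original post, and not any add-on's own code) that builds a policy from a list of recorded resource loads: each content type becomes a directive and each URL is reduced to its origin. The hostnames, the sample list and the `buildCsp`/`toSource` helpers are assumptions made for illustration, as is the choice to start from `default-src 'none'`.

```javascript
// Constructed sample: resource loads seen while browsing a site at https://blog.example.
// Every hostname is a placeholder, not a value from the original post.
const observed = [
  { type: "script", url: "https://blog.example/js/site.js" },
  { type: "script", url: "https://cdn.example.net/lib/widget.min.js" },
  { type: "script", url: "https://cdn.example.net/lib/other.js" }, // same origin, deduplicated
  { type: "style",  url: "https://blog.example/css/main.css" },
  { type: "image",  url: "https://img.example.org/photos/a.png" },
  { type: "image",  url: "data:image/png;base64,AAAA" },
  { type: "font",   url: "https://fonts.example.com/f/regular.woff2" },
  { type: "frame",  url: "https://video.example.com/embed/123" },
];

// Resource type -> CSP fetch directive that governs it.
const DIRECTIVE = {
  script: "script-src", style: "style-src", image: "img-src",
  font: "font-src", frame: "frame-src", xhr: "connect-src", media: "media-src",
};

// Reduce a URL to a CSP source expression: 'self' for the site's own origin,
// a bare scheme for data:/blob: URLs, otherwise scheme://host[:port].
function toSource(url, siteOrigin) {
  const u = new URL(url);
  if (u.protocol === "data:" || u.protocol === "blob:") return u.protocol;
  return u.origin === siteOrigin ? "'self'" : u.origin;
}

// Build the header value. default-src 'none' means any content type that was
// never recorded is blocked, so the recording has to cover every kind of page.
function buildCsp(loads, siteOrigin) {
  const policy = new Map([["default-src", new Set(["'none'"])]]);
  for (const { type, url } of loads) {
    const directive = DIRECTIVE[type];
    if (!directive) throw new Error(`no directive mapped for type "${type}"`);
    if (!policy.has(directive)) policy.set(directive, new Set());
    policy.get(directive).add(toSource(url, siteOrigin));
  }
  return [...policy]
    .map(([name, sources]) => `${name} ${[...sources].sort().join(" ")}`)
    .join("; ");
}

console.log(`Content-Security-Policy: ${buildCsp(observed, "https://blog.example")}`);
```

In an .htaccess file the resulting string is the value of a mod_headers `Header set Content-Security-Policy "..."` line. Sending it under the `Content-Security-Policy-Report-Only` header name first shows what would be blocked before the policy is enforced.
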
This add-on made the process much easier. Once installed, I opened the add-on’s menu, enabled recording of my site, then browsed to every type of page I could think of — on the front-end and the backend. The add-on kept a running tab on all the different types of content loaded and where it was loaded from. Then I grabbed the markup provided from within the add-on’s menu and added it to the site’s