Drupal is a registered trademark of Dries Buytaert
Drupal 11.4.2 Update released for Drupal core (11.4.2)! Drupal 11.4.1 Update released for Drupal core (11.4.1)! Drupal 11.4.0 Update released for Drupal core (11.4.0)! Drupal 10.6.12 Update released for Drupal core (10.6.12)! Drupal 11.3.13 Update released for Drupal core (11.3.13)! Drupal 10.6.11 Update released for Drupal core (10.6.11)! Drupal 11.3.12 Update released for Drupal core (11.3.12)! Drupal 11.2.14 Update released for Drupal core (11.2.14)! Drupal 10.5.12 Update released for Drupal core (10.5.12)! Cms 2.1.3 Update released for Drupal core (2.1.3)! Drupal 10.5.11 Update released for Drupal core (10.5.11)! Drupal 11.3.11 Update released for Drupal core (11.3.11)! Drupal 11.2.13 Update released for Drupal core (11.2.13)! Drupal 10.6.10 Update released for Drupal core (10.6.10)! Cms 2.1.2 Update released for Drupal core (2.1.2)! Drupal 11.1.10 Update released for Drupal core (11.1.10)! Drupal 10.5.10 Update released for Drupal core (10.5.10)! Drupal 10.4.10 Update released for Drupal core (10.4.10)! Drupal 11.2.12 Update released for Drupal core (11.2.12)! Drupal 11.3.10 Update released for Drupal core (11.3.10)!

Content-Security-Policy

23,129 sites Security covered
View on drupal.org

This module helps protect your Drupal site from security threats like XSS by allowing you to specify trusted sources for external resources through the Content-Security-Policy header. It automatically generates a policy for JavaScript and CSS, is optimized for efficiency, and integrates with other modules for reporting policy violations.

The Content-Security-Policy header allows your Drupal site to inform browsers of trusted sources for JavaScript, CSS, and other external resources. This adds a security layer to detect and mitigate the risk of Cross Site Scripting (XSS), data injection, and other vulnerabilities.

Features

  • Integrates with Drupal's Libraries API to automatically generate a default site-wide policy for JavaScript and CSS
  • Up-to-date with the latest CSP Level 3 Working Draft
  • Policy is automatically optimized to remove duplicate directives and reduce header length
  • Dispatches an event to allow other modules to alter policies for each request
  • Policy Violation logging integrations:

Activity

Total releases
4
First release
Mar 2025
Latest release
2 months ago
Release cadence
138 days
Stability
100% stable

Release Timeline

Releases

Version Type Release date
2.2.4 Stable Apr 28, 2026
2.2.3 Stable Apr 20, 2026
2.2.2 Stable Mar 13, 2025
8.x-1.40 Stable Mar 12, 2025