Help
FortiAppSec Cloud
FortiAppSec Cloud delivers unified application security and performance with WAF, bot protection, GSLB, DDoS mitigation, threat analytics, and CDN.
Srija_RedA
Staff
Staff

Created on ‎04-15-2024 07:30 AM Edited on ‎12-10-2024 07:29 AM By Moderator

Article Id 309812

Technical Tip: FortiAppSec Cloud Content Security Policy configuration

Description

This article describes how to add a Content Security Policy (CSP) header to prevent XSS and data injection attacks and explains the effects.
Scope FortiAppSec Cloud.
Solution

If there is an existing CSP header on the website or application and this policy on FortiAppSec Cloud under HTTP header security is enabled, FortiAppSec Cloud will replace the CSP header.

 

Simple Apache website before FortiAppSec Cloud:

 

fweb1.png

 

FortiAppSec Cloud CSP header policy:

 

httpheadersec.png

 

After FortiAppSec Cloud:

 

fweb2.png

 

fweb1.png
Preview file
103 KB
fweb2.png
Preview file
120 KB
fweb3.png
Preview file
269 KB
788
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.