\n<\/p>\n
In today’s increasingly complex web security landscape, protecting your applications and user data has become paramount. One effective way to mitigate the risk of cross-site scripting (XSS) and other code injection attacks is through the implementation of Content Security Policies (CSP). In this article, we will delve into what CSP is, how it works, and step-by-step instructions for implementing it on Linux servers.<\/p>\n
<\/p>\n
<\/p>\n
A Content Security Policy (CSP) is a security feature that helps prevent a variety of attacks like XSS, data injection attacks, and more by controlling the resources that a web page is allowed to load. By specifying which content sources are trusted, CSP adds an extra layer of security, minimizing the chances of an attacker injecting malicious scripts into your web pages.<\/p>\n
<\/p>\n
<\/p>\n
CSP works by allowing server administrators to define rules in the HTTP headers of web applications. These rules specify the sources allowed to load resources like scripts, stylesheets, images, and more. If a resource is not from a whitelisted source, the browser will refuse to load it, thereby blocking potentially harmful content.<\/p>\n
<\/p>\n
For instance, a basic CSP header might look like this:<\/p>\n
<\/p>\n
Content-Security-Policy: default-src 'self'; script-src 'self' https:\/\/trusted-scripts.example.com; object-src 'none';<\/code><\/pre>\n<\/p>\n
This header will:<\/p>\n
<\/p>\n
<\/p>\n- Allow resources (default-src) only from the same origin (
'self'<\/code>).<\/li>\n<\/p>\n
- Permit scripts only from the same origin and a specified trusted domain.<\/li>\n
<\/p>\n
- Block all object resources by setting
object-src<\/code> to 'none'<\/code>.<\/li>\n\n<\/ul>\n
<\/p>\n
Step-by-Step Guide to Implementing CSP on Linux Servers<\/h2>\n
<\/p>\n
Step 1: Choose Your Web Server<\/h3>\n
<\/p>\n
CSP can be implemented on various web servers. We’ll go through the steps for two popular web servers: Apache and Nginx.<\/p>\n
<\/p>\n
Step 2: Set Up Your Content Security Policy<\/h3>\n
<\/p>\n
Before applying your CSP, it’s a good idea to create a policy that fits your application’s needs. Start by identifying all the resource types your application relies on and establish which sources should be allowed.<\/p>\n
<\/p>\n
Step 3: Update CSP in Apache<\/h3>\n
<\/p>\n
If you are using the Apache web server, follow these steps:<\/p>\n
<\/p>\n
<\/p>\n- \n
Open your Apache configuration file<\/strong>. This may be located in \/etc\/httpd\/conf\/httpd.conf<\/code> or \/etc\/apache2\/sites-available\/your-site.conf<\/code>, depending on your Linux distribution.<\/p>\n\n<\/li>\n
<\/p>\n
- \n
Add the CSP Header<\/strong>. Insert the following line within the <VirtualHost><\/code> directive for your site:<\/p>\n<\/p>\n
Header set Content-Security-Policy \"default-src 'self'; script-src 'self' https:\/\/trusted-scripts.example.com; object-src 'none';\"<\/code><\/pre>\n\n<\/li>\n
<\/p>\n
- \n
Enable Headers Module<\/strong> (if it\u2019s not already enabled):<\/p>\n<\/p>\n
sudo a2enmod headers<\/code><\/pre>\n\n<\/li>\n
<\/p>\n
- \n
Restart Apache<\/strong> for changes to take effect:<\/p>\n<\/p>\n
sudo systemctl restart apache2<\/code><\/pre>\n\n<\/li>\n
\n<\/ol>\n
<\/p>\n
Step 4: Update CSP in Nginx<\/h3>\n
<\/p>\n
For those using Nginx, the steps are slightly different:<\/p>\n
<\/p>\n
<\/p>\n- \n
Open your Nginx configuration file<\/strong>. This could be located in \/etc\/nginx\/nginx.conf<\/code> or similar files in \/etc\/nginx\/sites-available<\/code>.<\/p>\n\n<\/li>\n
<\/p>\n
- \n
Add the CSP Header<\/strong>. Locate the server block for your site and insert:<\/p>\n<\/p>\n
add_header Content-Security-Policy \"default-src 'self'; script-src 'self' https:\/\/trusted-scripts.example.com; object-src 'none';\";<\/code><\/pre>\n\n<\/li>\n
<\/p>\n
- \n
Test your Nginx configuration<\/strong> to ensure there are no syntax errors:<\/p>\n<\/p>\n
sudo nginx -t<\/code><\/pre>\n\n<\/li>\n
<\/p>\n
- \n
Restart Nginx<\/strong> for the changes to take effect:<\/p>\n<\/p>\n
sudo systemctl restart nginx<\/code><\/pre>\n\n<\/li>\n
\n<\/ol>\n
<\/p>\n
Step 5: Testing Your CSP<\/h3>\n
<\/p>\n
Once you have added your CSP to your web server, it’s crucial to test and validate it. You can use tools such as:<\/p>\n
<\/p>\n
<\/p>\n- CSP Evaluator<\/strong> (by Google): This tool analyzes your policy for potential issues.<\/li>\n
<\/p>\n
- browser developer tools<\/strong>: Check the console for CSP violations when accessing your application.<\/li>\n
<\/p>\n
- Report-Only Mode<\/strong>: You can use the
Content-Security-Policy-Report-Only<\/code> header to test your policy without actually enforcing it. This allows you to see what would be blocked without affecting users.<\/li>\n\n<\/ul>\n
<\/p>\n
Step 6: Iterate and Improve<\/h3>\n
<\/p>\n
CSP implementations can often require adjustments and fine-tuning. Monitor the reports, adjust your directives as necessary, and continuously improve your security posture.<\/p>\n
<\/p>\n
Conclusion<\/h2>\n
<\/p>\n
Implementing Content Security Policies is a powerful way to harden your web applications against a variety of attacks. By carefully defining the resources your applications use and enforcing those rules on your Linux server, you can significantly enhance your overall security. As you implement and refine your CSP, remember that security is not a one-time task but an ongoing process. Stay informed about the latest web security practices to ensure your applications remain secure.<\/p>\n
<\/p>\n
By following the above steps, you can effectively implement CSP on your Linux servers and safeguard your web applications against potential threats. Happy securing!<\/p>\n\n","protected":false},"excerpt":{"rendered":"
In today’s increasingly complex web security landscape, protecting your applications and user data has become paramount. One effective way to mitigate the risk of cross-site scripting (XSS) and other code injection attacks is through the implementation of Content Security Policies (CSP). In this article, we will delve into what CSP is, how it works, and […]<\/p>\n","protected":false},"author":2,"featured_media":1043,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[22],"tags":[206,208,265,520,291,302],"class_list":["post-1042","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux-security","tag-content","tag-implementing","tag-linux","tag-policies","tag-security","tag-servers","et-has-post-format-content","et_post_format-et-post-format-standard"],"yoast_head":"\n
Implementing Content Security Policies on Linux Servers - WafaTech Blogs<\/title>\n<meta name=\"description\" content=\"Implementing Content Security Policies on Linux Servers %\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/implementing-content-security-policies-on-linux-servers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Implementing Content Security Policies on Linux Servers\" \/>\n<meta property=\"og:description\" content=\"Implementing Content Security Policies on Linux Servers %\" \/>\n<meta property=\"og:url\" content=\"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/implementing-content-security-policies-on-linux-servers\/\" \/>\n<meta property=\"og:site_name\" content=\"WafaTech Blogs\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/people\/WafaTech\/61560546351289\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-01-12T01:43:33+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2024\/06\/logo_big.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"2221\" \/>\n\t<meta property=\"og:image:height\" content=\"482\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"WafaTech SA\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@wafatech_sa\" \/>\n<meta name=\"twitter:site\" content=\"@wafatech_sa\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"WafaTech SA\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":[\"Article\",\"BlogPosting\"],\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/implementing-content-security-policies-on-linux-servers\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/implementing-content-security-policies-on-linux-servers\\\/\"},\"author\":{\"name\":\"WafaTech SA\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#\\\/schema\\\/person\\\/1a5761fc0feb63ab59d295d7c2648f06\"},\"headline\":\"Implementing Content Security Policies on Linux Servers\",\"datePublished\":\"2025-01-12T01:43:33+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/implementing-content-security-policies-on-linux-servers\\\/\"},\"wordCount\":643,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/implementing-content-security-policies-on-linux-servers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/Implementing-Content-Security-Policies-on-Linux-Servers.png\",\"keywords\":[\"Content\",\"Implementing\",\"Linux\",\"Policies\",\"Security\",\"Servers\"],\"articleSection\":[\"Linux Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/implementing-content-security-policies-on-linux-servers\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/implementing-content-security-policies-on-linux-servers\\\/\",\"url\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/implementing-content-security-policies-on-linux-servers\\\/\",\"name\":\"Implementing Content Security Policies on Linux Servers - WafaTech Blogs\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/implementing-content-security-policies-on-linux-servers\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/implementing-content-security-policies-on-linux-servers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/Implementing-Content-Security-Policies-on-Linux-Servers.png\",\"datePublished\":\"2025-01-12T01:43:33+00:00\",\"description\":\"Implementing Content Security Policies on Linux Servers %\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/implementing-content-security-policies-on-linux-servers\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/implementing-content-security-policies-on-linux-servers\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/implementing-content-security-policies-on-linux-servers\\\/#primaryimage\",\"url\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/Implementing-Content-Security-Policies-on-Linux-Servers.png\",\"contentUrl\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/Implementing-Content-Security-Policies-on-Linux-Servers.png\",\"width\":1024,\"height\":1024,\"caption\":\"linux server content security policies\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/implementing-content-security-policies-on-linux-servers\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Implementing Content Security Policies on Linux Servers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/\",\"name\":\"WafaTech Blogs\",\"description\":\"Smart Technologies\",\"publisher\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#organization\"},\"alternateName\":\"WafaTech\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#organization\",\"name\":\"WafaTech Blogs\",\"alternateName\":\"WafaTech\",\"url\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/06\\\/logo_big.webp\",\"contentUrl\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/06\\\/logo_big.webp\",\"width\":2221,\"height\":482,\"caption\":\"WafaTech Blogs\"},\"image\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/people\\\/WafaTech\\\/61560546351289\\\/\",\"https:\\\/\\\/x.com\\\/wafatech_sa\",\"https:\\\/\\\/www.youtube.com\\\/@wafatech-sa\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/wafatech\\\/\"],\"description\":\"WafaTech, a leading Saudi IT services provider, specializes in cloud solutions, connectivity, and ICT services. Offering secure cloud infrastructure, high-speed internet, and ICT solutions like hosting, backup, and disaster recovery, WafaTech operates a Tier 3 data center at KAUST with ISO certifications. Regulated by CST, the company is committed to innovation, security, and customer satisfaction, empowering businesses in the digital age.\",\"email\":\"sales@wafatech.sa\",\"legalName\":\"Al-Wafa Al-Dhakia For Information Technology LLC\",\"foundingDate\":\"2013-01-08\",\"numberOfEmployees\":{\"@type\":\"QuantitativeValue\",\"minValue\":\"11\",\"maxValue\":\"50\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#\\\/schema\\\/person\\\/1a5761fc0feb63ab59d295d7c2648f06\",\"name\":\"WafaTech SA\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fde877f001a2e0497276edc0684d3ba2a416c0de8caeb8e785076a1b1b932b3a?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fde877f001a2e0497276edc0684d3ba2a416c0de8caeb8e785076a1b1b932b3a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fde877f001a2e0497276edc0684d3ba2a416c0de8caeb8e785076a1b1b932b3a?s=96&d=mm&r=g\",\"caption\":\"WafaTech SA\"},\"url\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/author\\\/omer-yaseen\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Implementing Content Security Policies on Linux Servers - WafaTech Blogs","description":"Implementing Content Security Policies on Linux Servers %","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/implementing-content-security-policies-on-linux-servers\/","og_locale":"en_US","og_type":"article","og_title":"Implementing Content Security Policies on Linux Servers","og_description":"Implementing Content Security Policies on Linux Servers %","og_url":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/implementing-content-security-policies-on-linux-servers\/","og_site_name":"WafaTech Blogs","article_publisher":"https:\/\/www.facebook.com\/people\/WafaTech\/61560546351289\/","article_published_time":"2025-01-12T01:43:33+00:00","og_image":[{"width":2221,"height":482,"url":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2024\/06\/logo_big.webp","type":"image\/webp"}],"author":"WafaTech SA","twitter_card":"summary_large_image","twitter_creator":"@wafatech_sa","twitter_site":"@wafatech_sa","twitter_misc":{"Written by":"WafaTech SA","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":["Article","BlogPosting"],"@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/implementing-content-security-policies-on-linux-servers\/#article","isPartOf":{"@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/implementing-content-security-policies-on-linux-servers\/"},"author":{"name":"WafaTech SA","@id":"https:\/\/wafatech.sa\/blog\/#\/schema\/person\/1a5761fc0feb63ab59d295d7c2648f06"},"headline":"Implementing Content Security Policies on Linux Servers","datePublished":"2025-01-12T01:43:33+00:00","mainEntityOfPage":{"@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/implementing-content-security-policies-on-linux-servers\/"},"wordCount":643,"commentCount":0,"publisher":{"@id":"https:\/\/wafatech.sa\/blog\/#organization"},"image":{"@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/implementing-content-security-policies-on-linux-servers\/#primaryimage"},"thumbnailUrl":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2025\/01\/Implementing-Content-Security-Policies-on-Linux-Servers.png","keywords":["Content","Implementing","Linux","Policies","Security","Servers"],"articleSection":["Linux Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/wafatech.sa\/blog\/linux\/linux-security\/implementing-content-security-policies-on-linux-servers\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/implementing-content-security-policies-on-linux-servers\/","url":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/implementing-content-security-policies-on-linux-servers\/","name":"Implementing Content Security Policies on Linux Servers - WafaTech Blogs","isPartOf":{"@id":"https:\/\/wafatech.sa\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/implementing-content-security-policies-on-linux-servers\/#primaryimage"},"image":{"@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/implementing-content-security-policies-on-linux-servers\/#primaryimage"},"thumbnailUrl":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2025\/01\/Implementing-Content-Security-Policies-on-Linux-Servers.png","datePublished":"2025-01-12T01:43:33+00:00","description":"Implementing Content Security Policies on Linux Servers %","breadcrumb":{"@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/implementing-content-security-policies-on-linux-servers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/wafatech.sa\/blog\/linux\/linux-security\/implementing-content-security-policies-on-linux-servers\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/implementing-content-security-policies-on-linux-servers\/#primaryimage","url":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2025\/01\/Implementing-Content-Security-Policies-on-Linux-Servers.png","contentUrl":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2025\/01\/Implementing-Content-Security-Policies-on-Linux-Servers.png","width":1024,"height":1024,"caption":"linux server content security policies"},{"@type":"BreadcrumbList","@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/implementing-content-security-policies-on-linux-servers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/wafatech.sa\/blog\/"},{"@type":"ListItem","position":2,"name":"Implementing Content Security Policies on Linux Servers"}]},{"@type":"WebSite","@id":"https:\/\/wafatech.sa\/blog\/#website","url":"https:\/\/wafatech.sa\/blog\/","name":"WafaTech Blogs","description":"Smart Technologies","publisher":{"@id":"https:\/\/wafatech.sa\/blog\/#organization"},"alternateName":"WafaTech","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/wafatech.sa\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/wafatech.sa\/blog\/#organization","name":"WafaTech Blogs","alternateName":"WafaTech","url":"https:\/\/wafatech.sa\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/wafatech.sa\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2024\/06\/logo_big.webp","contentUrl":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2024\/06\/logo_big.webp","width":2221,"height":482,"caption":"WafaTech Blogs"},"image":{"@id":"https:\/\/wafatech.sa\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/people\/WafaTech\/61560546351289\/","https:\/\/x.com\/wafatech_sa","https:\/\/www.youtube.com\/@wafatech-sa","https:\/\/www.linkedin.com\/company\/wafatech\/"],"description":"WafaTech, a leading Saudi IT services provider, specializes in cloud solutions, connectivity, and ICT services. Offering secure cloud infrastructure, high-speed internet, and ICT solutions like hosting, backup, and disaster recovery, WafaTech operates a Tier 3 data center at KAUST with ISO certifications. Regulated by CST, the company is committed to innovation, security, and customer satisfaction, empowering businesses in the digital age.","email":"sales@wafatech.sa","legalName":"Al-Wafa Al-Dhakia For Information Technology LLC","foundingDate":"2013-01-08","numberOfEmployees":{"@type":"QuantitativeValue","minValue":"11","maxValue":"50"}},{"@type":"Person","@id":"https:\/\/wafatech.sa\/blog\/#\/schema\/person\/1a5761fc0feb63ab59d295d7c2648f06","name":"WafaTech SA","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/fde877f001a2e0497276edc0684d3ba2a416c0de8caeb8e785076a1b1b932b3a?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/fde877f001a2e0497276edc0684d3ba2a416c0de8caeb8e785076a1b1b932b3a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/fde877f001a2e0497276edc0684d3ba2a416c0de8caeb8e785076a1b1b932b3a?s=96&d=mm&r=g","caption":"WafaTech SA"},"url":"https:\/\/wafatech.sa\/blog\/author\/omer-yaseen\/"}]}},"jetpack_featured_media_url":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2025\/01\/Implementing-Content-Security-Policies-on-Linux-Servers.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/posts\/1042","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/comments?post=1042"}],"version-history":[{"count":0,"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/posts\/1042\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/media\/1043"}],"wp:attachment":[{"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/media?parent=1042"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/categories?post=1042"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/tags?post=1042"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}