Remediation Steps

Follow the steps below to remediate this finding on an Nginx web server.

  1. In your nginx.conf server block, add:

     add_header Content-Security-Policy "default-src 'self'; script-src 'self'; object-src 'none';" always;

  2. Reload Nginx:

     sudo systemctl reload nginx

  3. Note: start with the Content-Security-Policy-Report-Only header, which reports violations without blocking anything, to test the policy before enforcing it.
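Before switching from Report-Only to the enforcing header, it helps to review the policy value for weak settings. The POSIX sh helper below is an added example, not part of the original remediation page; the function names (csp_check and friends) and the sample policies are constructed for illustration, and it checks the policy from step 1 against a deliberately weak one.

```shell
#!/bin/sh
# Added example (not from the original page): parse a Content-Security-Policy
# value and flag weak settings before the policy is enforced. POSIX sh only.

# Print the source list of directive $2 in policy $1 (empty if absent).
csp_directive_value() {
    printf '%s' "$1" | tr ';' '\n' | sed 's/^[[:space:]]*//' \
        | grep -iE "^$2([[:space:]]|$)" | head -n 1 \
        | sed 's/^[^[:space:]]*[[:space:]]*//'
}

# Effective script sources: script-src, falling back to default-src as browsers do.
csp_script_sources() {
    v=$(csp_directive_value "$1" script-src)
    if [ -z "$v" ]; then v=$(csp_directive_value "$1" default-src); fi
    printf '%s' "$v"
}

# csp_check POLICY: print one FINDING line per weakness; return 1 if any, else 0.
csp_check() {
    policy=$1; rc=0
    if [ -z "$(csp_directive_value "$policy" default-src)" ]; then
        echo "FINDING: no default-src; undeclared fetch directives allow any source"; rc=1
    fi
    if [ -z "$(csp_directive_value "$policy" object-src)" ] &&
       [ "$(csp_directive_value "$policy" default-src)" != "'none'" ]; then
        echo "FINDING: object-src not restricted; plugin content can be loaded"; rc=1
    fi
    scripts=" $(csp_script_sources "$policy") "   # padded so tokens match whole
    case "$scripts" in *"'unsafe-inline'"*)
        case "$scripts" in
            *"'nonce-"*|*"'sha256-"*|*"'sha384-"*|*"'sha512-"*) ;;  # CSP3 browsers ignore 'unsafe-inline' when a nonce/hash is present
            *) echo "FINDING: script-src allows 'unsafe-inline'"; rc=1 ;;
        esac ;;
    esac
    case "$scripts" in *"'unsafe-eval'"*)
        echo "FINDING: script-src allows 'unsafe-eval'"; rc=1 ;;
    esac
    case "$scripts" in *" * "*|*" http: "*|*" https: "*|*" data: "*)
        echo "FINDING: script-src allows a wildcard or whole-scheme source"; rc=1 ;;
    esac
    return $rc
}

# Constructed samples: the policy from step 1 above, and a weak one for contrast.
POLICY_STEP1="default-src 'self'; script-src 'self'; object-src 'none';"
POLICY_WEAK="default-src *; script-src 'self' 'unsafe-inline' https:"
if [ -n "${1-}" ]; then csp_check "$1"; fi
```

Run it as `sh csp_check.sh "$(curl -sI https://your-host/ | sed -n 's/^content-security-policy[^:]*: //Ip')"` to review the policy a server actually sends; a non-zero exit means at least one finding was printed.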