Remediation Steps
Follow the steps below to remediate this finding on Joomla.
Edit the .htaccess file in the Joomla root directory and add:
<IfModule mod_headers.c>
    Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; object-src 'none';"
</IfModule>

Alternatively, install the SecurityHeaders extension and configure CSP from the extension settings.
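The policy above keeps 'unsafe-inline' in script-src, so inline scripts are still allowed to run. The following check is an added example, not part of the original page or of Joomla: it audits a Content-Security-Policy value offline and compares the page's policy with a constructed stricter one. The names parse_csp, audit_csp and STRICT_POLICY are hypothetical, and the stricter policy assumes the site needs no inline scripts.

```python
# Added example, not from the original page: offline audit of a CSP header value.
PAGE_POLICY = "default-src 'self'; script-src 'self' 'unsafe-inline'; object-src 'none';"
# Constructed stricter variant for comparison (assumption: no inline scripts are needed).
STRICT_POLICY = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'"

HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")
BROAD_SOURCES = {"*", "http:", "https:", "data:"}


def parse_csp(policy):
    """Split a policy into {directive: [sources]}; a repeated directive is ignored.

    Sources are lowercased because they are only used for the checks below.
    """
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return directives


def audit_csp(policy):
    """Return a list of (code, explanation) findings for script-related weaknesses."""
    d = parse_csp(policy)
    findings = []
    # script-src and object-src fall back to default-src when they are absent.
    script = d.get("script-src", d.get("default-src"))
    obj = d.get("object-src", d.get("default-src"))
    if script is None:
        findings.append(("no-script-policy", "no script-src or default-src: scripts are unrestricted"))
    else:
        # Browsers ignore 'unsafe-inline' when a nonce or hash source is present.
        trusted_inline = any(s.startswith(HASH_OR_NONCE) for s in script)
        if "'unsafe-inline'" in script and not trusted_inline:
            findings.append(("unsafe-inline", "inline scripts and event handlers still run"))
        if "'unsafe-eval'" in script:
            findings.append(("unsafe-eval", "string-to-code APIs such as eval() are allowed"))
        if BROAD_SOURCES.intersection(script):
            findings.append(("broad-source", "script-src allows a wildcard or a whole scheme"))
    if obj != ["'none'"]:
        findings.append(("object-src", "object-src is not 'none'"))
    if "base-uri" not in d:
        findings.append(("base-uri", "base-uri is unset and does not fall back to default-src"))
    return findings


if __name__ == "__main__":
    for name, policy in (("page", PAGE_POLICY), ("strict", STRICT_POLICY)):
        print(name, [code for code, _ in audit_csp(policy)] or "no findings")
```

To audit a live site, pass in the Content-Security-Policy value taken from its response headers instead of the constants.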