{"id":9734,"date":"2021-07-19T11:45:54","date_gmt":"2021-07-19T11:45:54","guid":{"rendered":"https:\/\/cloudkul.com\/blog\/?p=9734"},"modified":"2023-02-22T05:54:13","modified_gmt":"2023-02-22T05:54:13","slug":"content-security-policy-for-opencart-store-add-an-extra-layer-of-security","status":"publish","type":"post","link":"https:\/\/cloudkul.com\/blog\/content-security-policy-for-opencart-store-add-an-extra-layer-of-security\/","title":{"rendered":"Content Security Policy For Open cart"},"content":{"rendered":"\n<p><strong>CSP (Content Security Policy) <\/strong>is a browser security standard that adds an extra layer of protection for <a href=\"https:\/\/store.webkul.com\/opencart-security-extension.html\" target=\"_blank\" rel=\"noreferrer noopener\">Open cart<\/a> stores against attacks such as Cross-site Scripting (XSS), clickjacking and data injection.<\/p>\n\n\n\n<p>Content-Security-Policy is an HTTP response header that tells the browser which content sources can be trusted and which should be blocked.<\/p>\n\n\n\n<p>By defining a CSP, you restrict what content the browser may load and execute on your pages, which reduces the risk from injected content.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How to implement CSP in Open cart<\/h2>\n\n\n\n<p>CSP expresses content restrictions through directives; each directive consists of a name followed by one or more values (source expressions). On Apache you can add the CSP response header in httpd.conf or in a .htaccess file (the Header directive requires mod_headers to be enabled). Before enforcing a new policy, roll it out with the Content-Security-Policy-Report-Only header first, so that a policy that is too strict does not break the storefront or the checkout.<\/p>\n\n\n\n<p><strong>Example 1:<\/strong><\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">Header set Content-Security-Policy \"default-src 'self';\"<\/pre>\n\n\n\n<p>Here &#8220;default-src&#8221; is the directive; this sets a default policy that allows content only from the same origin (same scheme, host and port) as the page. 
<\/p>\n\n\n\n<p><strong>Example<\/strong> <strong>2:<\/strong> <\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">Content-Security-Policy: default-src http:\/\/*.test.com https:\/\/*.test.com<\/pre>\n\n\n\n<p>This header allows resources from any subdomain of test.com over HTTP or HTTPS. CSP has no wildcard scheme, so each scheme is listed explicitly; on an HTTPS store, listing only https:\/\/*.test.com is the safer choice. <\/p>\n\n\n\n<p><strong>Example 3: <\/strong>You can also set directives at the page level with an HTML meta tag. Note that some directives, including frame-ancestors, report-uri and sandbox, are ignored in a meta tag, so the header form is preferred.<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">&lt;meta http-equiv=\"Content-Security-Policy\" content=\"default-src 'self'\"&gt;<\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">List of CSP Directives<\/h2>\n\n\n\n<p>CSP provides a rich set of policy directives that let the Open cart store owner control each type of resource in a granular way:<\/p>\n\n\n\n<ul>\n<li><strong>Default-src:<\/strong> specifies the default fetch policy for any resource type that has no more specific directive; its value can be 'self' (allow content from the same origin) or 'none' (block everything that is not explicitly allowed by a more specific directive). The single quotes are part of the syntax.<\/li>\n\n\n\n<li><strong>Script-src<\/strong>: defines the list of allowed script sources.<\/li>\n\n\n\n<li><strong>Img-src<\/strong>: defines the list of allowed source locations for images.<\/li>\n\n\n\n<li><strong>Media-src<\/strong>: defines the list of allowed source locations for media such as video and audio.<\/li>\n\n\n\n<li><strong>Object-src<\/strong>: defines the list of allowed source locations for plugins.<\/li>\n\n\n\n<li><strong>Font-src<\/strong>: defines the list of allowed sources for loading 
fonts.<\/li>\n\n\n\n<li><strong>Style-src<\/strong>: defines the list of allowed CSS stylesheet sources.<\/li>\n\n\n\n<li><strong>Form-action<\/strong>: specifies the list of URLs to which the site may submit form data.<\/li>\n\n\n\n<li><strong>Plugin-types:<\/strong>&nbsp;the list of plugin MIME types that may be loaded from the locations in&nbsp;<strong>object-src<\/strong>. This directive is deprecated and ignored by current browsers; prefer object-src 'none' if the store needs no plugins.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p>CSP acts as a gatekeeper for your Open cart store: you can limit which resources the store loads and define which scripts may execute. Content-Security-Policy is a powerful tool for protection against XSS and, through the frame-ancestors directive, clickjacking.<\/p>\n\n\n\n<p>E-commerce stores are lucrative targets for attackers in today&#8217;s world. <\/p>\n\n\n\n<p>CSP can limit the impact of such attacks and improve the overall security of an Open cart store. <\/p>\n\n\n\n<p><strong>Although it is not possible for every store owner to set up the CSP header and check for other vulnerabilities, in such a case <a href=\"https:\/\/webkul.com\/\">Webkul<\/a> can help through its <a href=\"https:\/\/store.webkul.com\/Ecommerce-Security-Audit-Basic-Plan.html\">basic security module<\/a>.<\/strong><\/p>\n\n\n\n<p><strong>In case of any help or query, please&nbsp;<a href=\"https:\/\/cloudkul.com\/contact\/\">contact<\/a>&nbsp;us or raise a&nbsp;<a href=\"https:\/\/webkul.uvdesk.com\/en\/customer\/create-ticket\/\">ticket<\/a>.<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CSP (Content Security Policy) is a standard that can help to put an extra layer <a class=\"text-primary\" title=\"read more\" 
href=\"https:\/\/cloudkul.com\/blog\/content-security-policy-for-opencart-store-add-an-extra-layer-of-security\/\">[&#8230;]<\/a><\/p>\n","protected":false},"author":35,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[340,1],"tags":[326,306,231],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Content Security Policy For Open cart - Cloudkul<\/title>\n<meta name=\"description\" content=\"CSP (Content Security Policy) is a standard that can help to put an extra layer of protection for Open cart stores against cyberattacks like Cross-site Scripting (XSS), ClickJacking and data injection attacks.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cloudkul.com\/blog\/content-security-policy-for-opencart-store-add-an-extra-layer-of-security\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Content Security Policy For Open cart - Cloudkul\" \/>\n<meta property=\"og:description\" content=\"CSP (Content Security Policy) is a standard that can help to put an extra layer of protection for Open cart stores against cyberattacks like Cross-site Scripting (XSS), ClickJacking and data injection attacks.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cloudkul.com\/blog\/content-security-policy-for-opencart-store-add-an-extra-layer-of-security\/\" \/>\n<meta property=\"og:site_name\" content=\"Cloudkul\" \/>\n<meta property=\"article:published_time\" content=\"2021-07-19T11:45:54+00:00\" \/>\n<meta property=\"article:modified_time\" 
content=\"2023-02-22T05:54:13+00:00\" \/>\n<meta name=\"author\" content=\"Ekansh Saini\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/cloudkul.com\/blog\/content-security-policy-for-opencart-store-add-an-extra-layer-of-security\/\",\"url\":\"https:\/\/cloudkul.com\/blog\/content-security-policy-for-opencart-store-add-an-extra-layer-of-security\/\",\"name\":\"Content Security Policy For Open cart - Cloudkul\",\"isPartOf\":{\"@id\":\"https:\/\/cloudkul.com\/blog\/#website\"},\"datePublished\":\"2021-07-19T11:45:54+00:00\",\"dateModified\":\"2023-02-22T05:54:13+00:00\",\"author\":{\"@id\":\"https:\/\/cloudkul.com\/blog\/#\/schema\/person\/ba7305367206650102581ddeea6e2263\"},\"description\":\"CSP (Content Security Policy) is a standard that can help to put an extra layer of protection for Open cart stores against cyberattacks like Cross-site Scripting (XSS), ClickJacking and data injection attacks.\",\"breadcrumb\":{\"@id\":\"https:\/\/cloudkul.com\/blog\/content-security-policy-for-opencart-store-add-an-extra-layer-of-security\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/cloudkul.com\/blog\/content-security-policy-for-opencart-store-add-an-extra-layer-of-security\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/cloudkul.com\/blog\/content-security-policy-for-opencart-store-add-an-extra-layer-of-security\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/cloudkul.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Content Security Policy For Open cart\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/cloudkul.com\/blog\/#website\",\"url\":\"https:\/\/cloudkul.com\/blog\/\",\"name\":\"Cloudkul\",\"description\":\"Host your eCommerce Store 
on AWS with Optimized Performance\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/cloudkul.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/cloudkul.com\/blog\/#\/schema\/person\/ba7305367206650102581ddeea6e2263\",\"name\":\"Ekansh Saini\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/cloudkul.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/15503d9e186f868b9a1d0ed1b458f512?s=96&d=https%3A%2F%2Fs.gravatar.com%2Favatar%2F6148c37469011bc2f8e491ca8f5de495%3Fs%3D80&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/15503d9e186f868b9a1d0ed1b458f512?s=96&d=https%3A%2F%2Fs.gravatar.com%2Favatar%2F6148c37469011bc2f8e491ca8f5de495%3Fs%3D80&r=g\",\"caption\":\"Ekansh Saini\"},\"url\":\"https:\/\/cloudkul.com\/blog\/author\/ekansh-saini306\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Content Security Policy For Open cart - Cloudkul","description":"CSP (Content Security Policy) is a standard that can help to put an extra layer of protection for Open cart stores against cyberattacks like Cross-site Scripting (XSS), ClickJacking and data injection attacks.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cloudkul.com\/blog\/content-security-policy-for-opencart-store-add-an-extra-layer-of-security\/","og_locale":"en_US","og_type":"article","og_title":"Content Security Policy For Open cart - Cloudkul","og_description":"CSP (Content Security Policy) is a standard that can help to put an extra layer of protection for Open cart stores against cyberattacks like Cross-site Scripting (XSS), ClickJacking and data injection attacks.","og_url":"https:\/\/cloudkul.com\/blog\/content-security-policy-for-opencart-store-add-an-extra-layer-of-security\/","og_site_name":"Cloudkul","article_published_time":"2021-07-19T11:45:54+00:00","article_modified_time":"2023-02-22T05:54:13+00:00","author":"Ekansh Saini","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/cloudkul.com\/blog\/content-security-policy-for-opencart-store-add-an-extra-layer-of-security\/","url":"https:\/\/cloudkul.com\/blog\/content-security-policy-for-opencart-store-add-an-extra-layer-of-security\/","name":"Content Security Policy For Open cart - Cloudkul","isPartOf":{"@id":"https:\/\/cloudkul.com\/blog\/#website"},"datePublished":"2021-07-19T11:45:54+00:00","dateModified":"2023-02-22T05:54:13+00:00","author":{"@id":"https:\/\/cloudkul.com\/blog\/#\/schema\/person\/ba7305367206650102581ddeea6e2263"},"description":"CSP (Content Security Policy) is a standard that can help to put an extra layer of protection for Open cart stores against cyberattacks like 
Cross-site Scripting (XSS), ClickJacking and data injection attacks.","breadcrumb":{"@id":"https:\/\/cloudkul.com\/blog\/content-security-policy-for-opencart-store-add-an-extra-layer-of-security\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cloudkul.com\/blog\/content-security-policy-for-opencart-store-add-an-extra-layer-of-security\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/cloudkul.com\/blog\/content-security-policy-for-opencart-store-add-an-extra-layer-of-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cloudkul.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Content Security Policy For Open cart"}]},{"@type":"WebSite","@id":"https:\/\/cloudkul.com\/blog\/#website","url":"https:\/\/cloudkul.com\/blog\/","name":"Cloudkul","description":"Host your eCommerce Store on AWS with Optimized Performance","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cloudkul.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/cloudkul.com\/blog\/#\/schema\/person\/ba7305367206650102581ddeea6e2263","name":"Ekansh Saini","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cloudkul.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/15503d9e186f868b9a1d0ed1b458f512?s=96&d=https%3A%2F%2Fs.gravatar.com%2Favatar%2F6148c37469011bc2f8e491ca8f5de495%3Fs%3D80&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/15503d9e186f868b9a1d0ed1b458f512?s=96&d=https%3A%2F%2Fs.gravatar.com%2Favatar%2F6148c37469011bc2f8e491ca8f5de495%3Fs%3D80&r=g","caption":"Ekansh 
Saini"},"url":"https:\/\/cloudkul.com\/blog\/author\/ekansh-saini306\/"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/cloudkul.com\/blog\/wp-json\/wp\/v2\/posts\/9734"}],"collection":[{"href":"https:\/\/cloudkul.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudkul.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudkul.com\/blog\/wp-json\/wp\/v2\/users\/35"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudkul.com\/blog\/wp-json\/wp\/v2\/comments?post=9734"}],"version-history":[{"count":23,"href":"https:\/\/cloudkul.com\/blog\/wp-json\/wp\/v2\/posts\/9734\/revisions"}],"predecessor-version":[{"id":15168,"href":"https:\/\/cloudkul.com\/blog\/wp-json\/wp\/v2\/posts\/9734\/revisions\/15168"}],"wp:attachment":[{"href":"https:\/\/cloudkul.com\/blog\/wp-json\/wp\/v2\/media?parent=9734"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudkul.com\/blog\/wp-json\/wp\/v2\/categories?post=9734"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudkul.com\/blog\/wp-json\/wp\/v2\/tags?post=9734"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}