0

i'm a new self learner to html and now i'm learning about meta tags , and rn i'm studying about content-security-policy . i've seen that csp consist of 2 part , the directive and the value . i understand the directives but i don't understand the value .

'self' allows resources from same origin , but why people add another value? a link. what does it mean ?

<meta http-equiv="content-security-policy" content="default-src 'self' example.com *.example.com">

what does this mean and what are exactly the links? are they links for a document maybe a js document or css stylesheet? or is it a link that goes (https...etc) ? i'm new to this and i have no idea about any programming language i'm just learning about meta tag attributes so please help me and give me a good explanation about this topic because i really don't understand

sara
  • 1
  • 1
    Did you already take a look at the [MDN Docs on Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy)? – Andy Jun 21 '22 at 10:31
  • Or even better, the [Introductory article on CSP](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP), which explains the attacks that should be mitigated by means of that policy. – Andy Jun 21 '22 at 10:37

0 Answers0