Enable Content Security Policy and HTTP Public Key Pinning

Does not apply to Deep Security as a Service

Enabling Content Security Policy and HTTP Public Key Pinning in the Deep Security Manager can provide additional protection against cross-site scripting attacks and fraudulent certificates.

In multi-tenant mode, the Content Security Policy and HTTP Public Key Pin Policy settings are only available to the primary tenant.

Add a content security policy or public key pin policy

  1. Go to Administration > System Settings > Security.
  2. Enter your Content Security Policy or HTTP Public Key Pin Policy directives in the corresponding field.

    Before you enable your policies, test them by selecting the Report Only option and verifying that the policy violation reports are correct.

    You can enter individual policy directives on separate lines.

  3. Click Save at the bottom of the page.
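Before switching a policy from Report Only to enforcing, it helps to confirm what the manager actually sends. The following POSIX shell helpers are an added example, not part of this documentation or the Deep Security product: they classify the standard header names (Content-Security-Policy, Public-Key-Pins and their -Report-Only variants, which the manager is assumed to emit), join directives entered one per line into a single header value, and check that a report-only CSP names a report target. The function names, the `<dsm-host>` placeholder and the sample headers are constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the Deep Security documentation: helpers to
# verify the Report Only step. Against a live manager, feed the headers in
# with (hostname is a placeholder):
#   curl -sIk "https://<dsm-host>/" | policy_mode Content-Security-Policy

# Constructed sample response, standing in for a manager whose CSP is saved
# in Report Only mode while its HPKP policy is already enforcing.
SAMPLE_HEADERS="HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
Content-Security-Policy-Report-Only: default-src 'self'; report-uri /csp-report
Public-Key-Pins: pin-sha256=\"PLACEHOLDER_PIN_1=\"; pin-sha256=\"PLACEHOLDER_PIN_2=\"; max-age=5184000
Strict-Transport-Security: max-age=31536000"

# join_directives: turn directives entered one per line (as the manager's
# policy field allows) into the single header value a browser will receive.
join_directives() {
    tr -d '\r' | sed -e 's/[[:space:]]*;*[[:space:]]*$//' -e '/^[[:space:]]*$/d' \
        | paste -s -d ';' - | sed 's/;/; /g'
}

# policy_mode HEADER: read response headers on stdin and print how HEADER
# (Content-Security-Policy or Public-Key-Pins) is applied:
#   enforcing    the plain header is present
#   report-only  only the -Report-Only variant is present
#   none         neither is present
policy_mode() {
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    # Header names are case-insensitive, so compare in lower case.
    lowered=$(tr 'A-Z' 'a-z' | tr -d '\r')
    if printf '%s\n' "$lowered" | grep -q "^$name:"; then
        echo enforcing
    elif printf '%s\n' "$lowered" | grep -q "^$name-report-only:"; then
        echo report-only
    else
        echo none
    fi
}

# has_report_target: succeed when the CSP value on stdin names a report-uri
# or report-to directive; without one, Report Only mode delivers no
# violation reports to verify.
has_report_target() {
    tr 'A-Z' 'a-z' | grep -Eq '(^|;)[[:space:]]*report-(uri|to)[[:space:]]'
}

# Stand-alone run against the constructed sample.
printf 'CSP : %s\n' "$(printf '%s\n' "$SAMPLE_HEADERS" | policy_mode Content-Security-Policy)"
printf 'HPKP: %s\n' "$(printf '%s\n' "$SAMPLE_HEADERS" | policy_mode Public-Key-Pins)"
```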

Reset your configuration

If you experience trouble while configuring your content security policy or public key pin policy and cannot correct it in the Deep Security Manager, SSH into the Deep Security Manager and run the corresponding commands to reset your configuration(s):

Content security policy

dsm_c -action changesetting -name settings.configuration.contentSecurityPolicy -value ""

dsm_c -action changesetting -name settings.configuration.contentSecurityPolicyReportOnly -value "true"

Public key pin policy

dsm_c -action changesetting -name settings.configuration.publicKeyPinPolicy -value ""

dsm_c -action changesetting -name settings.configuration.publicKeyPinPolicyReportOnly -value "true"