CSP on Monzo.me

Similar to this helpful topic about HSTS…

… should the Content Security Policy HTTP response header also not be defined on all TLS websites in Monzo’s portfolio? It can help reduce cross-site scripting risk, and missing security controls like this would be reported as a vulnerability in application security testing.

It is probably better to have this type of discussion in the Monzo Developer’s Slack channel.

It’s easier to have a quick back and forth conversation with the members of the team who deal with this sort of thing there & the average non-techie user will definitely have no idea what you are on about in this community.

@alexs Probably worth considering this as being a duplicate and merging it into CSP/HSTS/HPKP (security headers) on Monzo.me

A post was merged into an existing topic: CSP/HSTS/HPKP (security headers) on Monzo.me