Close popover

Table of Contents

Content security policies


The Content Security Policy (CSP) is a set of directives that inform the user's browser of locations from which an application is allowed to load resources. These locations are provided in the form of URL schemes, including the use of an asterisk (*) to represent all URLs. Each directive governs a specific resource type that affects what is displayed in a browser. Collectively, the directives are sent to the client in the Content-Security-Policy HTTP header. Each browser type and version obey as much of the policy as they can. If a browser does not understand a directive, it is ignored; otherwise it is explicitly followed.

  • Securing your application with a content security policy

    You can use content security policies to indicate from where your application can load resources, which makes your application more secure. To view or update the content security policies in your application, or to view the content security policies that are available in Pega Platform, do one of the following actions.

  • Keystores

    A keystore is a file that contains keys and certificates that you use for encryption, authentication, and serving content over HTTPS. In Pega Platform, you create a keystore data instance that points to a keystore file.

  • Allowing a website as an exception to a content security policy directive

    For various directives in a content security policy, you can explicitly grant access to selected websites. These websites have access to the application as an exception to the configured policy.

Suggest Edit

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.