Skip to main content
Start of main content.

Everything you need to know about Content Security Policy (CSP)

by michael.strelan /

Share this post on social media

Michael Strelan presents at DrupalSouth Melbourne 2025

Interested in learning how to build, implement and analyse a Content Security Policy? Michael shares some critical insights and lessons learned from a large government website built on Drupal.

In the presentation, “Hashes and Nonces and Violations, Oh My! Everything you need to know about Content Security Policy (CSP)”, you’ll discover that while enhancing web security on an existing site can be challenging, enabling it as early and strictly as possible eases those challenges.

Michael begins with the essentials for getting started, then moves into the more complex directives that you’ll need to know. And while a hard-coded policy isn’t dynamic enough for Drupal’s needs, particularly with Google Tag Manager—don’t panic! Michael will also present some strategies that can alleviate that.

By the end of the video, you’ll understand how to start building your policy, as well as the tools needed to analyse its effectiveness before deployment to production.

Watch the video

Related Articles