As hackers step up their attacks, many tech companies are stepping up their security features. Google has added Content Security Policy support for users of Gmail on the desktop.
Gmail now supports Content Security Policy, and Google designed this support to help eliminate cross-site scripting and other common Web-based attacks.
Content Security Policy (CSP) is a W3C standard that is supported by multiple browsers. Mozilla has supported CSP since Firefox 4. The technology is effective at defending against XSS attacks; however, the issue has been that not many websites support it, and many IT consultants state that it is difficult to implement properly.
What are the benefits to Content Security Policy (CSP) for Gmail?
The benefits are simple and clear for Google. Like many large technology companies, Google carries a very large target on its back. Gmail is subject to a long list of threats from hackers. Gmail also has a very large user base, which includes people from all over the world. Google has beefed up the security of Gmail several times in the last 24 months, including the ability to select HTTPS as the default connection option and the addition of a two-step verification option. Now, Google has gone even further by adding Content Security Policy (CSP).
Gmail users beware! Gmail offers many great extensions; however, some extensions are not great and behave badly, including code that interferes with the Gmail session or malware that compromises Gmail’s security. Gmail’s Content Security Policy (CSP) protects users by stopping these extensions from loading unsafe code.
The most common web-based attacks are XSS attacks. The unfortunate part is that hackers can take advantage of these vulnerabilities to load malicious code from a remote site and compromise visitors to a legitimate site. Content Security Policy (CSP) is designed to mitigate these attacks by letting site owners determine which domains can safely load scripts in the browser.