Security

Content Security Policy

Content Security Policy is one of the public readiness signals included in isitready.dev reports.

Why it matters

CSP reduces script injection blast radius and documents trusted execution surfaces.

How to improve it

  • Expose the signal on the canonical public origin.
  • Link it from discovery surfaces such as robots.txt, sitemap.xml, HTML head metadata, or HTTP Link headers where appropriate.
  • Re-run the scan and confirm the evidence row now reports a passing or informational status.
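
Before re-running the scan, it helps to see which script execution surface a policy actually documents. The following is an added example, not isitready.dev's scoring logic or code from this page: it parses a Content-Security-Policy value and reports the effective script sources plus the entries that undo injection protection. The function names and the sample header values are constructed for illustration.

```python
# Added example: header values below are constructed, not taken from any real site.
NONCE_OR_HASH = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")
BROAD = ("*", "http:", "https:", "data:")

def parse_csp(header):
    """Parse a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        # Directive names are case-insensitive; a repeated directive is
        # ignored by browsers, so the first occurrence wins.
        policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def script_surface(header):
    """Return (effective script sources, findings) for one policy."""
    policy = parse_csp(header)
    # script-src falls back to default-src when it is absent.
    if "script-src" in policy:
        sources = policy["script-src"]
    elif "default-src" in policy:
        sources = policy["default-src"]
    else:
        return None, ["no script-src or default-src: scripts are unrestricted"]
    lowered = [s.lower() for s in sources]
    trusted_token = any(s.startswith(NONCE_OR_HASH) for s in lowered)
    findings = []
    # Browsers ignore 'unsafe-inline' once a nonce or hash is present.
    if "'unsafe-inline'" in lowered and not trusted_token:
        findings.append("'unsafe-inline' allows injected inline scripts")
    if "'unsafe-eval'" in lowered:
        findings.append("'unsafe-eval' allows string-to-code evaluation")
    # With 'strict-dynamic' plus a nonce/hash, host and scheme sources are ignored.
    if not ("'strict-dynamic'" in lowered and trusted_token):
        findings += [f"{s} is a broad source that barely restricts script loading"
                     for s in lowered if s in BROAD]
    return sources, findings

if __name__ == "__main__":
    samples = [
        "default-src 'none'; script-src 'nonce-r4nd0m' 'unsafe-inline'; object-src 'none'",
        "default-src 'self' 'unsafe-inline' https:",
        "img-src 'self'",
    ]
    for header in samples:
        print(header, "->", script_surface(header))
```

An empty findings list only means none of these specific weaknesses are present; it does not predict what status the scan will report.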