CSP Assets May 2026

| Asset Type | Description | Management Strategy |
| :--- | :--- | :--- |
| Script Assets | JavaScript files (first-party & third-party). | Use 'nonce-random' for dynamic scripts; 'sha256-hash' for static inline scripts. |
| Style Assets | CSS files and inline styles. | Apply 'unsafe-inline' only if necessary; prefer nonces or hashes. |
| Font Assets | Web fonts (e.g., .woff2). | Define font-src directive (e.g., font-src 'self' https://fonts.gstatic.com). |
| Image Assets | Images loaded via `<img>` or CSS. | Use img-src 'self' data: https: for remote images. |
| Connect Assets | APIs, WebSockets, EventSource. | Define connect-src (e.g., connect-src 'self' https://api.example.com). |

```
# Crawl your site to list all assets
csp-scanner scan https://yoursite.com --output assets.json
```

Most teams can't answer this instantly. Between first-party code, analytics tags, chatbots, and font CDNs, the list of CSP assets grows daily.

CSP assets are the resources a page loads (scripts, styles, fonts, images) together with the security tokens (nonces and hashes) required to allowlist them. Properly managing these assets prevents XSS and data injection attacks.

✅ Allow 'self'
✅ Hash inline scripts
✅ Nonce dynamic tags
❌ Block 'unsafe-inline'

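```
# Hash the exact inline script body (no trailing newline), then base64-encode the digest
printf '%s' "alert('safe')" | openssl dgst -sha256 -binary | base64
# Use the result in the policy as a quoted source: 'sha256-abc123...'
```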
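The strategies in the table and checklist above, combined into one policy builder. This is an added example, not code from the original page; the function names, the sample inventory and the `default-src 'self'` baseline are assumptions made for illustration.

```python
import base64
import hashlib
import secrets

# Constructed sample inventory (not from the page): inline scripts known at
# build time, plus the remote origins each asset type is allowed to load from.
STATIC_INLINE_SCRIPTS = ["alert('safe')"]
ALLOWED_ORIGINS = {
    "font-src": ["https://fonts.gstatic.com"],
    "img-src": ["data:", "https:"],
    "connect-src": ["https://api.example.com"],
}


def csp_hash(inline_source: str) -> str:
    """Return the quoted 'sha256-...' source expression for an inline script.

    The digest covers the exact bytes between <script> and </script>, so any
    whitespace change in the inline script invalidates the hash.
    """
    digest = hashlib.sha256(inline_source.encode("utf-8")).digest()
    return "'sha256-" + base64.b64encode(digest).decode("ascii") + "'"


def new_nonce() -> str:
    """Generate a fresh, unpredictable nonce; call once per HTTP response."""
    return secrets.token_urlsafe(16)


def build_policy(nonce: str) -> str:
    """Assemble the Content-Security-Policy header value for one response."""
    script_src = ["'self'", f"'nonce-{nonce}'"]
    script_src += [csp_hash(s) for s in STATIC_INLINE_SCRIPTS]
    directives = {"default-src": ["'self'"], "script-src": script_src,
                  "style-src": ["'self'", f"'nonce-{nonce}'"]}
    for name, origins in ALLOWED_ORIGINS.items():
        directives[name] = ["'self'"] + origins
    policy = "; ".join(f"{k} {' '.join(v)}" for k, v in directives.items())
    # Guard the checklist rule: never ship a policy containing 'unsafe-inline'.
    if "'unsafe-inline'" in policy:
        raise ValueError("policy must not contain 'unsafe-inline'")
    return policy


if __name__ == "__main__":
    print("Content-Security-Policy:", build_policy(new_nonce()))
```

The same nonce value must also appear in the `nonce` attribute of each dynamic `<script>` or `<style>` tag rendered in that response, and it must never be reused across responses.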

Here is developed content for CSP Assets (Content Security Policy Assets), tailored for different use cases: technical documentation, a pitch/summary, and social media/website copy.

1. Technical Documentation (For Developers & Security Engineers)

Title: Managing CSP Assets: Nonces, Hashes, and Allowlist Configurations

Copyright © 2026 First Orbit
