Low impact · Security

Missing Content Security Policy

Without CSP, your site is more vulnerable to XSS and clickjacking. Here's a safe starting policy.

What it means

Content-Security-Policy restricts which scripts, styles, and resources a browser will load on your page.

Why it matters

CSP is the most effective defense against XSS. It is also an indirect SEO signal: Chrome DevTools warnings hurt user trust and engagement.

How to fix it

  1. Start with Report-Only mode: "Content-Security-Policy-Report-Only: default-src 'self';"
  2. Monitor the reports and whitelist the origins you need.
  3. Promote to enforcing CSP.
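
An added example, not part of the original page or any tool it mentions: steps 2 and 3 as a script that folds violation reports into a candidate enforcing policy. It assumes a report-uri directive was added to the Report-Only header so browsers POST reports; the report bodies and hostnames are constructed.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample bodies in the "csp-report" JSON format that browsers POST
# to a report-uri endpoint (hosts are placeholders, not from the original page).
SAMPLE_REPORTS = [
    '{"csp-report": {"effective-directive": "script-src-elem", "blocked-uri": "https://cdn.example.com/lib/app.js"}}',
    '{"csp-report": {"violated-directive": "img-src", "blocked-uri": "https://images.example.net/logo.png"}}',
    '{"csp-report": {"effective-directive": "script-src-elem", "blocked-uri": "inline"}}',
    '{"csp-report": {"effective-directive": "style-src-elem", "blocked-uri": "https://cdn.example.com/site.css"}}',
    '{"csp-report": {"effective-directive": "img-src", "blocked-uri": "http://tracker.example.org/p.gif"}}',
]

def source_for(blocked_uri):
    """Return an https origin to allowlist, or None if a human must decide."""
    try:
        parts = urlsplit(blocked_uri)
        port = f":{parts.port}" if parts.port else ""
    except ValueError:
        return None
    # "inline", "eval", "data" and plain-http sources are never auto-allowed.
    if parts.scheme != "https" or not parts.hostname:
        return None
    return f"https://{parts.hostname}{port}"

def build_policy(raw_reports, base="default-src 'self'"):
    """Fold violation reports into a candidate enforcing policy plus a review list."""
    allow, review = defaultdict(set), []
    for raw in raw_reports:
        report = json.loads(raw).get("csp-report", {})
        directive = report.get("effective-directive") or report.get("violated-directive", "")
        # Chrome reports script-src-elem / style-src-attr; fold into the parent directive.
        directive = directive.split(" ")[0].removesuffix("-elem").removesuffix("-attr")
        blocked = report.get("blocked-uri", "")
        source = source_for(blocked)
        if not directive or source is None:
            review.append((directive, blocked))
        else:
            allow[directive].add(source)
    parts = [base] + [f"{d} 'self' {' '.join(sorted(s))}" for d, s in sorted(allow.items())]
    return "; ".join(parts), review

if __name__ == "__main__":
    # Reports are unauthenticated input: review the candidate before enforcing it.
    policy, review = build_policy(SAMPLE_REPORTS)
    print("Content-Security-Policy:", policy)
    for directive, blocked in review:
        print("needs review:", directive, blocked)
```

Entries on the review list (inline script, plain-http sources) call for a page change such as moving the script to a file or serving the asset over HTTPS, not a wider policy.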

Frequently asked questions

Is CSP an SEO ranking factor?

Not directly. It improves the security signals Chrome shows, which affects user trust and engagement metrics.