This whitepaper explains how HTTP headers can be used in relation to web application security. It highlights the most commonly used HTTP headers and explains how each of them works in technical detail.
In CSP, we define rules as a whitelist. With this approach, any resource that does not match our rules is filtered out. All we have to do is state the allowed resources in the Content-Security-Policy response header:
This response to the Online Harms White Paper sets out plans for a new duty of care to make companies take responsibility for the safety of their users. It builds on our manifesto commitment to introduce legislation to make the UK the safest place in the world to be online but at the same time defend freedom of expression.
2. The government set out the results of the formal consultation and clarified its direction of travel in the Online Harms White Paper - Initial government response, published in February 2020. The initial government response reconfirmed our commitment to the duty of care approach set out in the White Paper and announced a number of further measures to increase proportionality and protect freedom of expression. It also indicated that the government was minded to appoint Ofcom as the regulator. The government has continued to develop its policy proposals since February and has made further, important changes. The full government response confirms that Ofcom will be named as the regulator in legislation, and sets out the intended policy position.
Consultation responses and stakeholder engagement: Stakeholders wanted more detail on the breadth of both services and harms in scope. There were calls to protect freedom of expression and a focus on protecting children. Some suggested that further work should be done to increase education and public awareness of online harms.
Consultation responses and stakeholder engagement: Many stakeholders welcomed the approach, noting that this would underpin an effective, future-proofed framework. Nevertheless, industry responses sought greater reassurance and certainty about how it would be proportionate in practice, particularly for small and medium-sized enterprises; and how flexibility would be balanced with certainty about what the duty of care requires of companies. Rights groups and industry also emphasised the need to provide more certainty about how safety would be balanced with freedom of expression, particularly in relation to legal but harmful content.
Consultation responses and stakeholder engagement: The consultation responses flagged concerns about the broad scope of harms, calling for greater clarity and highlighting the subjectivity inherent in identifying many of the harms, especially those which are legal. Many respondents objected to the latter being in scope. There were concerns that proposals could impact freedom of expression online. Respondents to the consultation welcomed the approach to the protection of children.
Consultation responses and stakeholder engagement: A range of stakeholders, including civil society organisations, raised concerns about including disinformation and misinformation in scope of the regulation because of the impact this might have on freedom of expression. Many stakeholders are concerned about the threat that disinformation and misinformation pose to individual users, as well as their potential broader impact on public safety, national security and community cohesion.