/Knowledge/sources/honojs__hono/llms-full/secure-headers-middleware-setting-content-security-policy--dfde32b39741.md

Secure Headers Middleware: Setting Content-Security-Policy - hono-docs

Secure Headers Middleware: Setting Content Security Policy Source evidence: /Sources/honojs hono/provenance.md Canonical citation: https://hono.dev/llms full...

Secure Headers Middleware: Setting Content-Security-Policy

Source evidence: /Sources/honojs__hono/provenance.md Canonical citation: https://hono.dev/llms-full.txt#setting-content-security-policy

Summary


## Content
```ts
const app = new Hono()
app.use(
  '/test',
  secureHeaders({
    reportingEndpoints: [
      {
        name: 'endpoint-1',
        url: 'https://example.com/reports',
      },
    ],
    // -- or alternatively
    // reportTo: [
    //   {
    //     group: 'endpoint-1',
    //     max_age: 10886400,
    //     endpoints: [{ url: 'https://example.com/reports' }],
    //   },
    // ],
    contentSecurityPolicy: {
      defaultSrc: ["'self'"],
      baseUri: ["'self'"],
      childSrc: ["'self'"],
      connectSrc: ["'self'"],
      fontSrc: ["'self'", 'https:', 'data:'],
      formAction: ["'self'"],
      frameAncestors: ["'self'"],
      frameSrc: ["'self'"],
      imgSrc: ["'self'", 'data:'],
      manifestSrc: ["'self'"],
      mediaSrc: ["'self'"],
      objectSrc: ["'none'"],
      reportTo: 'endpoint-1',
      reportUri: '/csp-report',
      sandbox: ['allow-same-origin', 'allow-scripts'],
      scriptSrc: ["'self'"],
      scriptSrcAttr: ["'none'"],
      scriptSrcElem: ["'self'"],
      styleSrc: ["'self'", 'https:', "'unsafe-inline'"],
      styleSrcAttr: ['none'],
      styleSrcElem: ["'self'", 'https:', "'unsafe-inline'"],
      upgradeInsecureRequests: [],
      workerSrc: ["'self'"],
    },
  })
)

Metadata

{
  "chunk_index": 0,
  "citation": "https://hono.dev/llms-full.txt#setting-content-security-policy",
  "coverage_role": "overview",
  "qualified_title": "Hono / llms-full / Secure Headers Middleware > Setting Content-Security-Policy",
  "retrieved_at": "2026-07-02T05:51:01Z",
  "section_index": 231,
  "source_id": "/honojs/hono",
  "source_type": "llms_full",
  "target_label": "llms-full",
  "title": "Secure Headers Middleware: Setting Content-Security-Policy",
  "upstream_url": "https://hono.dev/llms-full.txt",
  "version": "2026"
}
Kinic Wiki
Loading knowledge node
Details

Identity

database
db_23dhmsxlhukv
database_id
db_23dhmsxlhukv
path
/Knowledge/sources/honojs__hono/llms-full/secure-headers-middleware-setting-content-security-policy--dfde32b39741.md
kind
directory
role
markdown_note
children
0

Metadata

created_at
virtual
updated_at
virtual
etag
virtual
metadata_json
{}

Lint Hints

No lightweight warnings.

Outgoing Links

No outgoing links indexed.

Incoming Links

Select a file node to inspect backlinks.

Raw Source

No raw source path inferred.