How Magento’s Content Security Policy keeps you secure

Alex Ashman
October 16, 2023

In a world dominated by technology and connectivity, online safety measures such as Magento’s Content Security Policy are crucial.

More than 2.8 billion cyber attacks occurred in the first half of 2022. That doesn’t include the 5,000,000+ mobile malware, adware and riskware attacks recorded within just one quarter alone. An attack of this kind can prove devastating for an eCommerce website, which is why it’s imperative to mitigate these risks. One such way is by implementing a Content Security Policy.

What is a Content Security Policy?

In its simplest terms, a Content Security Policy (CSP) is a set of rules that website owners can set to specify which sources are allowed to load which kinds of content on their site. This can prevent unwanted malware scripts from running, block card-skimming code and stop misleading elements from loading on the page. Customers therefore receive an extra layer of protection when browsing the website.

Another way to think about it is by imagining you’re giving a list of trusted friends (trusted sources) to a bouncer (the browser) and telling them, “Only let these friends (sources) attend and send content to my party (website).” This creates a whitelist of trustworthy sources (shown below). The end result is that unwanted or potentially harmful content is prevented from loading, enhancing the website’s security.

[Image: Magento Content Security Policy configuration showing several whitelisted websites]

What is a Content Security Policy in the Context of Magento?

CSP features are a part of both Magento Open Source and its licensed variant, Adobe Commerce.

Released back in Magento 2.3.5, these CSP features can be applied on a per-website level.

What Are the Benefits of Implementing Magento’s CSP?

One key benefit is that Magento CSP can make sure malicious content links and any associated scripts are instantly blocked from the protected website. This helps ensure customers are safe to make purchases on your website.

Adobe Commerce even goes one step further with its ability to encrypt sensitive information, such as the data exchanged with the payment gateway. Customer transactions can therefore be kept secure and their card details safe.

Magento security services can also be combined with additional safety measures, such as two-factor authentication (2FA). When used with these security hardening methods, a Magento CSP or Adobe Commerce Content Security Policy works in harmony to protect both you and your customers.

How can the CSP be customised?

Both Magento CSP and Adobe Commerce CSP feature two customisable modes:

  • Report mode recognises, but does not block, each URL linking to the page and reports on any that are suspicious.
  • Restrict mode blocks any unrecognised URLs and associated threats linked to the website.

One way to check a page’s current mode is to right-click the page and select ‘Inspect’. From there, click the ‘Console’ tab. Any CSP issues will be presented there immediately, with a clear indication of whether each violation is only being reported or is being blocked outright.

An experienced developer can set up the Magento CSP for you, initially in report mode and then in restrict mode. Setting this up is often iterative, as one area of the website may trigger requests for further content that needs additional testing (such as a live chat widget pulling through a favicon icon). This does, however, ensure the content you want is pulled through and everything else is blocked.

It’s worth noting that you’ll need to continue to maintain the CSP as changes are made to your site. For example, a newly added tracking script will be blocked automatically in restrict mode. The domain and the type of policy it falls under will first need to be whitelisted, then tested to ensure the connection is authorised (shown below). Usually, this would form part of a typical development process using a standard release procedure from staging to production.
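To make the two modes and the whitelist maintenance point concrete, here is a small added example (not Magento’s or magic42’s own code) that does what the browser console does for you: it reads the CSP headers a page returns, identifies whether the site is in report mode or restrict mode, and predicts whether a given resource would load, be reported, or be blocked. Report mode corresponds to the standard Content-Security-Policy-Report-Only header and restrict mode to Content-Security-Policy. The two header sets, the shop origin and every hostname in them are constructed for the example, and the source matcher is deliberately simplified (ports, paths, nonces and hashes are not handled).

```python
"""Classify a page's CSP mode and predict the outcome for a resource URL.

Added illustration, not Magento's own code. All headers and hostnames below
are constructed sample data.
"""
from urllib.parse import urlparse

# Constructed sample responses. Report mode sends Report-Only; restrict mode
# sends the enforcing header. The source lists are made up for the example.
REPORT_MODE_HEADERS = {
    "Content-Security-Policy-Report-Only": (
        "default-src 'self'; script-src 'self' https://*.googletagmanager.com "
        "https://js.stripe.com; img-src 'self' data: https:; report-uri /csp-report"
    ),
}
RESTRICT_MODE_HEADERS = {
    "Content-Security-Policy": (
        "default-src 'self'; script-src 'self' https://*.googletagmanager.com; "
        "connect-src 'self' https://api.example-chat.test"
    ),
}


def csp_mode(headers):
    """Return 'restrict', 'report' or 'none' depending on which CSP header is present."""
    names = {k.lower() for k in headers}
    if "content-security-policy" in names:
        return "restrict"
    if "content-security-policy-report-only" in names:
        return "report"
    return "none"


def parse_csp(policy):
    """Split a policy string into {directive: [source expression, ...]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def _host_matches(pattern, host):
    # '*.example.com' matches sub-domains only, never the bare 'example.com'.
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    return host == pattern


def source_allows(source, url, page_origin):
    """Does one CSP source expression permit this URL? (Simplified matcher.)"""
    u = urlparse(url)
    if source == "'self'":
        p = urlparse(page_origin)
        return (u.scheme, u.netloc) == (p.scheme, p.netloc)
    if source == "'none'":
        return False
    if source.endswith(":"):          # scheme-source such as https: or data:
        return u.scheme == source[:-1]
    if source.startswith("'"):        # 'unsafe-inline', nonces, hashes: not URL-based
        return False
    # host-source, optionally prefixed with a scheme, e.g. https://*.example.com
    scheme, _, rest = source.partition("://")
    if not rest:
        scheme, rest = "", source
    host = rest.split("/")[0].split(":")[0]   # ports ignored in this simplified version
    if scheme and u.scheme != scheme:
        return False
    return _host_matches(host.lower(), (u.hostname or "").lower())


def url_allowed(directives, directive, url, page_origin):
    """Check a URL against a directive, falling back to default-src as browsers do."""
    sources = directives.get(directive, directives.get("default-src", []))
    return any(source_allows(s, url, page_origin) for s in sources)


def outcome(headers, directive, url, page_origin="https://shop.example.test"):
    """Predict what the browser does with the request under these headers."""
    mode = csp_mode(headers)
    if mode == "none":
        return "loaded (no policy)"
    policy = next(v for k, v in headers.items()
                  if k.lower().startswith("content-security-policy"))
    if url_allowed(parse_csp(policy), directive, url, page_origin):
        return "loaded"
    return "blocked" if mode == "restrict" else "loaded, violation reported"


if __name__ == "__main__":
    # A newly added tracking script is only reported in report mode but blocked
    # in restrict mode until its domain is whitelisted under script-src.
    tracker = "https://cdn.new-tracker.test/t.js"
    print("report mode:  ", outcome(REPORT_MODE_HEADERS, "script-src", tracker))
    print("restrict mode:", outcome(RESTRICT_MODE_HEADERS, "script-src", tracker))
    # The live-chat favicon case from the text: img-src falls back to default-src.
    print("chat favicon: ", outcome(RESTRICT_MODE_HEADERS, "img-src",
                                    "https://chat.example-chat.test/favicon.ico"))
```

Running it against real responses is a matter of passing the headers dict you get back from your HTTP client; the point is that the same tracker URL produces a console report in report mode and a hard block in restrict mode, and that an image from a chat widget falls through to default-src when no img-src is declared.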

[Image: Magento and Adobe Commerce CSP configuration showing a large whitelist of individual website URLs]

Concerned About Magento Security?

We take a proactive approach to protecting your website. As a Magento development agency and Adobe Commerce development agency that specialises in UK-based Magento hosting, our developers are well-versed in Magento’s Content Security Policy and are happy to help ensure your content is protected.

Contact us for more information about your Magento CSP and we will be happy to help.

magic42 is a UK-based eCommerce development agency, born from an award-winning retailer. Having grown with the industry since the year 2000, we provide our unique perspective to help clients get the best from their eCommerce platforms.
Company No. 11572347 VAT No. 310 2436 61
© Copyright 2024 magic42 Limited - All Rights Reserved