Content Security Policy
Security and Privacy Information
Content Security Policy (CSP)
Northpath Tech implements a Content Security Policy (CSP) to protect against cross-site scripting (XSS), clickjacking, and other malicious code injection attacks. Our CSP restricts the types of content that can be loaded on our web pages.
Our CSP Directives
Our website enforces the following security directives:
- script-src: Scripts can only be loaded from approved, same-origin sources and trusted third-party providers
- style-src: Stylesheets are restricted to same-origin and trusted CDN sources
- img-src: Images can be loaded from same-origin and approved external sources
- font-src: Web fonts are restricted to approved sources
- connect-src: API connections are limited to trusted endpoints
- frame-ancestors: Prevents clickjacking by restricting framing
- object-src: Blocks plugins and embedded objects
Trusted Third-Party Sources
We allow content from the following trusted providers to enhance functionality and security:
- Google (Analytics, reCAPTCHA, Fonts)
- Cloudflare (CDN, security)
- Microsoft Clarity (user insights)
- HubSpot (analytics, chatbot)
- Anthropic (AI services)
Why CSP Matters
A strong Content Security Policy helps us:
- Prevent unauthorized script injection attacks
- Reduce the impact of XSS vulnerabilities
- Protect against clickjacking attacks
- Maintain data privacy and security
- Detect and report security violations
CSP Violations
If you encounter a CSP violation message in your browser console, it means that external content attempted to load but was blocked by our security policy. This is intentional and protective. If you believe a legitimate feature is being blocked, please report it to security@northpathtech.com.
Transparency and Security
We believe in transparency about our security practices. Our CSP is designed to protect you while maintaining the functionality you expect. If you have questions about our security measures, please contact our security team.
More Information
For technical details about Content Security Policy, visit the MDN Web Docs or the W3C specification.