CSP_GLOBAL_CHECK - CSP presence check and review

Electron apps should, whenever possible, implement a Content Security Policy (CSP) as an additional layer of protection against cross-site-scripting and data injection attacks. There are two ways to set a CSP in Electron: via the webRequest.onHeadersReceived handler in the main process, or directly in the markup using a <meta> tag.

This check determines whether a CSP is set or missing, looking at both the JS and the HTML:

  • If a CSP is detected, Electronegativity looks for weak directives using a library based on the online tool.
  • If no CSP is found, Electronegativity issues a warning.


CSP allows the server serving content to restrict and control the resources Electron can load for that given web page. The page being served should be allowed to load scripts only from the origins you defined, while scripts from any other origin should not be allowed to run.


Check whether a CSP is defined and use the tool to review its directives.
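The following is an added example, not Electronegativity's own code, showing both halves of what the text above describes: setting a CSP from the Electron main process through webRequest.onHeadersReceived, and a small review of the resulting directives for the weak patterns a CSP checker looks for (missing script-src, 'unsafe-inline', 'unsafe-eval', wildcard or scheme-only sources, and a permissive object-src). The policy string, the origin https://cdn.example.com, and the function names (addCspHeader, installCsp, parseCsp, reviewCsp) are assumptions made for this example.

```javascript
// Added example (not Electronegativity's own code). The policy below and the
// CDN origin are assumptions; replace them with the origins your app uses.
const CSP = [
  "default-src 'self'",
  "script-src 'self' https://cdn.example.com",
  "object-src 'none'",
  "base-uri 'self'",
].join('; ');

// Pure header-rewriting step, split out from the Electron listener so it can
// be exercised without a running Electron session.
function addCspHeader(responseHeaders) {
  const headers = { ...(responseHeaders || {}) };
  // Drop any case-variant of the header the upstream server may have sent,
  // so the app's policy is the only one Chromium evaluates.
  for (const name of Object.keys(headers)) {
    if (name.toLowerCase() === 'content-security-policy') delete headers[name];
  }
  headers['Content-Security-Policy'] = [CSP];
  return headers;
}

// Wire the rewrite into a session. In a real app this is
// electron.session.defaultSession; here any object exposing
// webRequest.onHeadersReceived(listener) works, which makes it testable.
//
// In main.js:
//   const { app, session } = require('electron');
//   app.whenReady().then(() => installCsp(session.defaultSession));
//
// The <meta> equivalent for pages you control would be:
//   <meta http-equiv="Content-Security-Policy" content="default-src 'self'; ...">
function installCsp(session) {
  session.webRequest.onHeadersReceived((details, callback) => {
    callback({ responseHeaders: addCspHeader(details.responseHeaders) });
  });
}

// Parse a policy string into { directive: [sources] }.
function parseCsp(policy) {
  const directives = {};
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    directives[name.toLowerCase()] = sources.map((s) => s.toLowerCase());
  }
  return directives;
}

// Review the directives that govern script execution. Returns a list of
// findings; an empty list means none of the checked weaknesses were found.
function reviewCsp(policy) {
  const d = parseCsp(policy);
  const findings = [];
  // script-src falls back to default-src when absent, as object-src does.
  const scriptSrc = d['script-src'] || d['default-src'];
  if (!scriptSrc) {
    findings.push('no script-src or default-src: scripts from any origin may run');
  } else {
    if (scriptSrc.includes("'unsafe-inline'")) findings.push("script-src allows 'unsafe-inline'");
    if (scriptSrc.includes("'unsafe-eval'")) findings.push("script-src allows 'unsafe-eval'");
    if (scriptSrc.some((s) => s === '*' || s === 'http:' || s === 'https:' || s === 'data:')) {
      findings.push('script-src contains a wildcard or scheme-only source');
    }
  }
  const objectSrc = d['object-src'] || d['default-src'];
  if (!objectSrc || !objectSrc.includes("'none'")) {
    findings.push("object-src is missing or not 'none'");
  }
  return findings;
}
```

reviewCsp(CSP) returns an empty list for the policy above, while a policy such as `default-src *; script-src 'self' 'unsafe-inline'` produces findings for both the inline-script allowance and the permissive object-src fallback. The header rewrite deletes any existing Content-Security-Policy header before adding the app's own, because Chromium enforces every CSP header it receives and a stale upstream policy would otherwise still apply alongside yours.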


