- Digital Quality Training and Certification

Making the Web better
Discover Opquast’s missions: Create checklists for site quality, provide Web professionals with a foundation of common culture, animate and sustain an ecosystem of people and entities motivated to improve the Web.
Témoignage de Joachim RobertKissKissBankBank, Web Integrator

When I changed careers, I wanted to bring meaning to my new assignments. Because I felt the need to consider the end user first, I took the Opquast training and then the certification. Thanks to what I learned, I succeeded in my interviews and convinced those who became my team. Opquast gave me the keys to understand quality, but also to find missions that make sense.
Certification
The Opquast certification has already enabled more than 20,000 web professionals to train and have their skills recognized. It allows hundreds of teams and web service providers to acquire a common culture and vocabulary for web activities.
Fiche certifiée de Arnaud Malon
Webmaster
Crédit Mutuel & CIC 940 points
About us
Find all the information about Opquast, who we are, who the team members are, how to contact us.
Our missions
Create repositories of best practices, train and certify professionals and animate an ecosystem of people and organizations determined to make the Web better.

Rule n° 212 - A security mechanism restricts the origin of content.

The server sends a page containing various elements (JavaScript files, CSS, webfonts, etc.) to the browser, which will download and display everything as quickly and efficiently as possible... without questioning the legitimacy of what it is doing. The system called Content Security Policy allows the browser to indicate rules regarding the origin of this content. This makes it possible to determine exactly what it is allowed to execute or display, and thus increases security for users.

#Basics #Development #Security

Goal

Reduce the risk of executing or serving content that is undesirable or that comes from an unauthorized source.

Solution technique

Enable the Content-Security-Policy HTTP header with the appropriate CSP 1 directives:

img-src for images ;
script-src for JavaScript ;
style-src for styles ;
font-src for webfonts ;
etc.

Moyen de contrôle

Use an HTTP header inspection tool to check for the presence of the Content-Security-Policy header.