We have been using Mozilla Observatory grading to nudge us into improving our web server configurations and making them more secure. We can add headers in Apache/nginx/IIS to obtain a grade B, but the Content Security Policy requires more effort. CSP is for controlling script origins and mitigating XSS (cross-site scripting), clickjacking, and …