CSP | Content Security Policy > Getting it right for images in emails

Hi all,

I’ve been using a CSP for quite some time and I’ve recently updated my website, yay (along with the CSP). Let me know what you think 01 Systems

I’m limiting the CSP to allow all scripts to certain domains etc. but recently noticed that emails with embedded images, loaded from the website URL, seem to get blocked by the email client as I did not allow images to be loaded.

So, when setting up a CSP for your domain(s) if you are using images in your emails, remember: make sure to allow images to be loaded from other places.

I’ve just changed my images directive to the following, unsure if it’s correct as initial testing does not show success.

img-src https: * data:

Anyway, wanted to start this thread as it seems to be important. Any feedback if anyone can shed light on this, thank you :slight_smile:
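
How a browser would evaluate the posted `img-src` list against image URLs, as an added example that is not part of the original post. A browser enforces CSP for the document that carries the policy; the matcher below is a simplified subset of the CSP source-matching rules, and `imgAllowed`, `example.com` and the sample URLs are assumptions made for illustration.

```javascript
// Added example: simplified CSP source-list matching for img-src.
// Subset of the CSP3 rules: ports, paths, default-src fallback and the
// "same scheme as the page" cases are not modelled.

function parseDirective(policy, name) {
  // Return the source list for one directive, or null if it is absent.
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length && tokens[0].toLowerCase() === name) return tokens.slice(1);
  }
  return null;
}

// An "http:" source also matches https: URLs (scheme upgrade).
const schemeOk = (want, got) => want === got || (want === "http:" && got === "https:");

function sourceMatches(source, url, selfOrigin) {
  const s = source.toLowerCase();
  const scheme = url.protocol; // e.g. "https:"
  if (s === "'none'") return false;
  if (s === "'self'") return url.origin === selfOrigin;
  // "*" covers network schemes only, never data: or blob:.
  if (s === "*") return scheme === "http:" || scheme === "https:";
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return schemeOk(s, scheme); // scheme-source
  // host-source: optional scheme, then a host with optional "*." prefix.
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)/);
  if (!m) return false;
  if (m[1] ? !schemeOk(m[1] + ":", scheme) : !/^https?:$/.test(scheme)) return false;
  return m[2] ? url.hostname.endsWith("." + m[3]) : url.hostname === m[3];
}

function imgAllowed(policy, imageUrl, selfOrigin) {
  const sources = parseDirective(policy, "img-src");
  if (sources === null) return true; // no img-src directive in this policy
  const url = new URL(imageUrl);
  return sources.some((src) => sourceMatches(src, url, selfOrigin));
}

// Constructed sample: the directive from the post, checked for a page at
// the placeholder origin https://example.com.
const POSTED = "img-src https: * data:";
const PAGE = "https://example.com";
for (const u of ["https://cdn.example.net/logo.png", "http://cdn.example.net/logo.png",
                 "data:image/png;base64,AAAA"]) {
  console.log(u, "->", imgAllowed(POSTED, u, PAGE) ? "allowed" : "blocked");
}
```

With this list, `https:` is redundant next to `*`, and `*` also admits plain `http:` images; `data:` has to be listed separately because `*` does not cover it.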