Content Security Policy (CSP)

Effective Date: July 2026

At Directory One, security is a core part of our commitment to providing a safe, reliable, and trustworthy experience for our users. To help protect our website and visitors from common web-based threats, we implement a Content Security Policy (CSP) alongside other industry-standard security measures.

What Is a Content Security Policy?

A Content Security Policy (CSP) is a web security standard enforced by modern browsers. It defines which sources of content are permitted to load and execute on our website, helping prevent malicious code from being injected into web pages.

By restricting untrusted content, CSP significantly reduces the risk of attacks such as:

  • Cross-Site Scripting (XSS)
  • Code injection attacks
  • Unauthorized JavaScript execution
  • Malicious third-party resource loading
  • Clickjacking and other client-side security risks (when combined with additional security headers)

Why Does Directory One Use CSP?

Our Content Security Policy is designed to strengthen website security while maintaining a seamless browsing experience. It helps us:

  • Protect visitors from malicious scripts and injected content.
  • Ensure website resources load only from approved sources.
  • Prevent unauthorized code execution.
  • Reduce the risk of data manipulation through browser-based attacks.
  • Improve the overall integrity and reliability of our platform.

CSP is one of several security controls we use to safeguard our website and user experience.

How Does Our Content Security Policy Work?

When you visit Directory One, your browser receives security instructions that determine which resources are allowed to load. Depending on our current website configuration, these rules may apply to:

  • JavaScript files
  • CSS stylesheets
  • Images
  • Fonts
  • Audio and video files
  • API and network connections
  • Embedded content such as frames
  • Browser plugins and executable objects

Resources originating from unauthorized or untrusted sources may be automatically blocked by the browser in accordance with our security policy.

Scope

This Content Security Policy applies to all publicly accessible pages, applications, and digital services owned and operated by Directory One unless otherwise stated.

The policy governs browser-delivered resources, including but not limited to website scripts, stylesheets, images, fonts, media files, embedded content, APIs, and other web assets delivered through supported browsers.

Security Objectives

Directory One implements Content Security Policy controls to support the following objectives:

  • Reduce exposure to browser-based security vulnerabilities.
  • Restrict the execution of unauthorized or untrusted client-side code.
  • Limit resource loading to approved and trusted sources where technically appropriate.
  • Protect website functionality against common web application attacks.
  • Support secure software development and deployment practices.
  • Enhance the overall security posture of our online services.

Our security controls are regularly evaluated and may be modified as our infrastructure, technologies, regulatory obligations, or security requirements evolve.

Trusted Content Sources

Where technically appropriate, Directory One configures browser security policies to restrict the loading of website resources to approved origins and trusted service providers.

Depending on website functionality, these resources may include:

  • JavaScript files
  • Cascading Style Sheets (CSS)
  • Images and graphics
  • Fonts
  • Audio and video content
  • API connections
  • Embedded content
  • Form submissions
  • Web workers
  • Other browser-rendered resources

Authorized sources may include Directory One infrastructure, trusted cloud service providers, content delivery networks (CDNs), analytics providers, payment processors, communication platforms, and other third-party services required for legitimate website operation.

Protection Against Unsafe Content

Our security policies are designed to minimize the execution of unsafe or unauthorized content whenever possible. Depending on operational requirements, our implementation may restrict:

  • Inline JavaScript
  • Inline CSS
  • Unauthorized external scripts
  • Dynamic code execution methods
  • Unapproved embedded resources

These restrictions help reduce the attack surface while maintaining normal website functionality.

Browser Security Controls

Our Content Security Policy may include technical directives intended to enhance browser security, including, where applicable:

  • Resource source restrictions
  • Script execution controls
  • Style source restrictions
  • Image and media source restrictions
  • Font source restrictions
  • Connection endpoint restrictions
  • Frame embedding limitations
  • Object and plugin restrictions
  • Base URI controls
  • Form action restrictions
  • Secure resource loading requirements
  • Reporting mechanisms for policy violations

The specific directives implemented may change without prior notice as part of ongoing security maintenance, infrastructure updates, or operational requirements.

Security Monitoring

We continuously review and improve our website's security practices. Where applicable, CSP violations and other security events may be monitored to identify potential threats, improve our defenses, and maintain the integrity of our services.

Content Security Policy configurations may be updated periodically to:

  • Address newly identified security risks.
  • Improve compatibility with modern browsers.
  • Support new website functionality.
  • Comply with applicable legal, regulatory, or contractual requirements.
  • Reflect evolving cybersecurity standards and industry best practices.

Such updates may be implemented without prior notice where necessary to protect the security of our systems and users.

If you believe you have discovered a security vulnerability or suspicious activity related to our website, we encourage responsible disclosure by contacting us.

Third-Party Services

Certain website features may depend upon third-party platforms or vendors to provide functionality, analytics, communication services, payment processing, security services, mapping technologies, content delivery, or other operational capabilities.

Where feasible, Directory One evaluates such providers before permitting their resources within applicable Content Security Policy configurations. However, Directory One does not control the security practices, availability, or operational policies of independent third-party organizations.

Users accessing third-party content remain subject to the applicable terms, privacy policies, and security practices of those providers.

Limitations

While Content Security Policy provides an important layer of protection, no single security measure can eliminate every possible threat. Directory One employs multiple security practices, regular monitoring, and ongoing updates to help maintain a secure environment for our users.

Updates to This Policy

As our website evolves, our Content Security Policy and related security configurations may also change. This page may be updated periodically to reflect improvements to our security practices and compliance requirements. We encourage visitors to review this page from time to time for the latest information.

Contact Us

If you have any questions about this Content Security Policy or our website security practices, please contact us through our Contact Us page. We appreciate your trust in Directory One and remain committed to maintaining a secure and dependable online experience for all visitors.