My content-security-policy has blocked more malicious ads

I see a lot of entries for (purposely not linked) in my Content-Security-Policy logs. These are folks who have some malware installed on their desktop, when they surf to my blog, they get redirected and advertising injected. Except that my CSP forbids this (since I don’t allow them img-src or script-src permission).

I wrote about this earlier. I’m appalled that such things exist. I’m also saddened that its come to this, a spy-vs-spy one-upmanship games where people like me spend time adding rules to prevent malware writers from taking advantage of folks.

Once again, I’ll suggest an action. Head to Enter a site name that you use. If it doesn’t get a great score, write to the owner: get it fixed.







One response to “My content-security-policy has blocked more malicious ads”

  1. Alex Leyn

    Re: spy-vs-spy: ICE and ultimately Black ICE are inevitable (regardless the “electronics” misnomer):

Leave a Reply

Your email address will not be published. Required fields are marked *