Security & compliance
Configure your site's Content Security Policy and the cookie banner used for GDPR and CCPA compliance
The Security & compliance area covers two things: your site's Content Security Policy (CSP), and the cookie banner shown to visitors for GDPR and CCPA compliance.
Open Security under Settings in Basker. The screen is titled "Security & Compliance" with the subtitle "Manage your site's Content Security Policy and privacy banner settings for GDPR and CCPA compliance."
Content Security Policy
A Content Security Policy tells browsers which sources of scripts, images, fonts, and other resources are allowed to load on your site. It's a baseline defence against cross-site scripting and other injection attacks.
Basker offers three presets:
- Strict — most secure. May break third-party embeds and analytics.
- Moderate (default) — same-origin scripts, external images over HTTPS and data URIs.
- Relaxed — most compatible, lowest security. Use only if stricter presets break your site.
If a third-party script or embed needs more permissions than the preset grants, add them in Custom Directives as a JSON object. For example:
{ "img-src": "'self' https://cdn.example.com" }
Custom directives are appended to the selected preset.
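As an added example (not Basker's own code), here is a small JavaScript check to run over a Custom Directives object before saving it: it rejects anything that is not a flat JSON object of known directive names with string values, and warns on sources that widen the policy. The directive list, the risk rules and the function name lintCustomDirectives are assumptions chosen for illustration.

```javascript
// Added example: lint a Custom Directives JSON object before pasting it into the settings field.
// Assumption: values are plain strings holding one CSP source list, as in the page's img-src example.
const KNOWN_DIRECTIVES = new Set([
  "default-src", "script-src", "style-src", "img-src", "font-src",
  "connect-src", "frame-src", "media-src", "object-src", "worker-src",
  "base-uri", "form-action", "frame-ancestors",
]); // subset of the standard CSP directives

// Source expressions that weaken a policy; `only` limits a rule to the directives where it matters.
const RISKY = [
  { test: (s) => s === "'unsafe-inline'", only: ["script-src", "default-src"], why: "allows inline scripts" },
  { test: (s) => s === "'unsafe-eval'", only: ["script-src", "default-src"], why: "allows eval()" },
  { test: (s) => s === "data:", only: ["script-src", "default-src", "object-src"], why: "allows data: URIs as code" },
  { test: (s) => s === "*", only: null, why: "allows any origin" },
  { test: (s) => /^http:/i.test(s), only: null, why: "allows plaintext HTTP" },
];

function lintCustomDirectives(jsonText) {
  let obj;
  try {
    obj = JSON.parse(jsonText);
  } catch {
    return [{ level: "error", directive: null, message: "not valid JSON" }];
  }
  if (obj === null || typeof obj !== "object" || Array.isArray(obj)) {
    return [{ level: "error", directive: null, message: "must be a JSON object" }];
  }
  const findings = [];
  for (const [name, value] of Object.entries(obj)) {
    if (!KNOWN_DIRECTIVES.has(name)) {
      findings.push({ level: "error", directive: name, message: "unknown directive" });
      continue;
    }
    // ';' would start a second directive and ',' a second policy inside one value.
    if (typeof value !== "string" || /[;,\r\n]/.test(value)) {
      findings.push({ level: "error", directive: name, message: "value must be a single source list" });
      continue;
    }
    for (const src of value.trim().split(/\s+/)) {
      for (const rule of RISKY) {
        if (rule.test(src) && (!rule.only || rule.only.includes(name))) {
          findings.push({ level: "warn", directive: name, message: `${src} ${rule.why}` });
        }
      }
    }
  }
  return findings;
}
```

An empty result means the object passed these checks; it does not show how the directives combine with the selected preset, so confirm the final header in the browser's developer tools after saving.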
Cookie banner
The cookie banner is the consent banner shown to visitors when they first arrive on your site, used to comply with GDPR, CCPA, and similar privacy laws.
Toggle Enable Cookie Banner to show or hide the banner across your site. When the banner is shown, visitors see your privacy notice and a chance to accept or decline cookies before non-essential cookies are set.
Saving changes
Click Save Changes at the bottom to apply both CSP and cookie banner updates.