Content Security Policy (CSP)
This page explains the Content Security Policy (CSP) implemented on Digit Menu to protect users from injection attacks such as cross-site scripting (XSS).
What is CSP?
CSP is a web security standard that lets a site control which resources (scripts, images, styles, etc.) a browser is allowed to load for a specific page. It significantly reduces the risk of XSS and other injection-based attacks.
Why we use CSP
We use CSP to ensure that only trusted content is loaded. This prevents malicious scripts from being injected or executed in our application.
Main rules applied
- Only scripts, styles, and images from trusted domains are allowed.
- Inline script execution is blocked.
- External object loading (such as Flash) is forbidden.
- The site cannot be displayed in an iframe from an unauthorized domain (anti-clickjacking).
With this policy, we strengthen user security and reduce common attack vectors. We regularly update our CSP to keep pace with technical developments.
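Each of the four rules above corresponds to specific CSP directives, and a policy can be checked against them mechanically. The JavaScript below is an added example, not Digit Menu's actual policy or code; the function names, the `cdn.example` and `img.example` origins and both sample policies are assumptions constructed for illustration.

```javascript
// Added example; function names and both sample policies are constructed.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // A repeated directive is ignored by browsers: the first one wins.
    if (name && !policy.has(name.toLowerCase())) {
      policy.set(name.toLowerCase(), sources.map((s) => s.toLowerCase()));
    }
  }
  return policy;
}

// Fetch directives fall back to default-src; frame-ancestors does not.
const effective = (policy, name) => policy.get(name) ?? policy.get('default-src');
const isBroad = (src) => src === '*' || src === 'http:' || src === 'https:';

function auditCsp(header) {
  const policy = parseCsp(header);
  const findings = [];
  // Rule 1: scripts, styles and images only from named origins.
  for (const name of ['script-src', 'style-src', 'img-src']) {
    const sources = effective(policy, name);
    if (!sources) findings.push(`${name}: unrestricted (no directive, no default-src)`);
    else if (sources.some(isBroad)) findings.push(`${name}: wildcard or scheme-only source`);
  }
  // Rule 2: inline scripts blocked. Browsers ignore 'unsafe-inline' when a
  // nonce or hash source is present, so flag it only when neither is.
  const script = effective(policy, 'script-src') ?? [];
  const hasNonceOrHash = script.some((s) => /^'(nonce|sha(256|384|512))-/.test(s));
  if (script.includes("'unsafe-inline'") && !hasNonceOrHash) {
    findings.push("script-src: 'unsafe-inline' permits inline scripts");
  }
  // Rule 3: plugin content (<object>, <embed>) forbidden outright.
  const object = effective(policy, 'object-src');
  if (!object || !object.every((s) => s === "'none'")) {
    findings.push("object-src: should be 'none'");
  }
  // Rule 4: framing limited to authorized origins.
  const ancestors = policy.get('frame-ancestors');
  if (!ancestors) findings.push('frame-ancestors: missing (default-src does not cover it)');
  else if (ancestors.some(isBroad)) findings.push('frame-ancestors: allows any origin');
  return findings;
}

const STRICT = "default-src 'self'; script-src 'self' https://cdn.example; " +
  "img-src 'self' https://img.example; object-src 'none'; frame-ancestors 'self'";
const WEAK = "default-src *; script-src 'self' 'unsafe-inline'";
console.log(auditCsp(STRICT), auditCsp(WEAK));
```

The weak sample shows two easy-to-miss gaps: a permissive `default-src` silently becomes the style, image and object policy, and no `default-src` value restricts framing.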
Data Protection and User Data Security
We are committed to protecting your personal data. We implement technical and organizational measures to secure user information against unauthorized access, disclosure, alteration, or destruction. This includes encrypted connections (HTTPS), secure password storage, restricted access to production systems, and regular security audits.