web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Agent Academy Hackathon is happening now!
Welcome to the Power Platform Communities
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Pages / Site checker keeps say...
Power Pages
Unanswered

Site checker keeps saying "Content security policy is not configured" even when set

(0) ShareShare
ReportReport
Posted on by Gary_Eden 381

Hi

When running the site checker I keep getting this message.

Gary_Eden_0-1695890453648.png

The Learn more link takes me here: https://learn.microsoft.com/en-us/power-pages/security/site-checker-security?WT.mc_id=powerportals_inproduct_portalstudio2#http-headers

 

Following the instructions I've created the setting and attached it to my site.

Gary_Eden_1-1695890576036.png

 

I had a similar message to set up the X-Content-Type-Options (as you can see from the above screenshot), I've set this up and the warning message has gone away. 

 

I haven't done anything different setting up the content security policy but the warning won't go away. I've tried re-syncing several times and closed and reopened my browser, tried a different browser and even rebooted my PC all to no avail.

 

Am I missing something when adding the setting?  

 

Categories:
Security
I have the same question (0)
  • MH-02091453-0 Profile Picture
    MH-02091453-0 125 on at

    I have the same issue, I set mine to script-src 'nonce' as in microsoft documentation but the scanner is flagging it an a warning and not set.  Any ideas?

  • Gary_Eden Profile Picture
    Gary_Eden 381 on at

    Hi @MichelleH 

    Still have the same problem across 3 sites in three separate environments (dev/test/live) using a combination of sandbox and production.

    If I find the solution I'll post here, unless someone posts first (and we can use their method).

  • oliver.rodrigues Profile Picture
    oliver.rodrigues 9,475 Most Valuable Professional on at

    is this solved? probably best to open a support ticket with Microsoft

  • fm_skeller Profile Picture
    fm_skeller 277 Moderator on at

    I think it needs a valid CSP string (and both examples are not as far as I can tell)
    In addition, the portal needs a restart from the admin portal for the CSP to apply (the same goes for most site settings) - and after that it takes a while for the check to pass for some reason.
    It should be something like this 

    script-src 'self' content.powerapps.com 'nonce';style-src 'self' content.powerapps.com 'unsafe-inline'; object-src 'none'

    if you include additional js files or css files from external sources, you'd need to add those as well.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Agent Academy Hackathon is happening now!
Welcome to the Power Platform Communities

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Users!

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Congratulations to the April Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Pages

#1
Valantis Profile Picture

Valantis 58

#2
11manish Profile Picture

11manish 49

#3
Haque Profile Picture

Haque 28

Last 30 days Overall leaderboard

Featured topics

Solution to LinkedIn Authentication in Power Apps Portals
Welcome to the Power Pages forum!

Product updates

Microsoft Power Platform Community release plans