{"id":22940,"date":"2020-09-30T09:17:59","date_gmt":"2020-09-30T09:17:59","guid":{"rendered":"https:\/\/www.heartinternet.uk\/blog\/?p=22940"},"modified":"2020-09-30T09:17:59","modified_gmt":"2020-09-30T09:17:59","slug":"why-you-need-a-content-security-policy","status":"publish","type":"post","link":"https:\/\/www.heartinternet.uk\/blog\/why-you-need-a-content-security-policy\/","title":{"rendered":"Why you need a Content Security Policy"},"content":{"rendered":"<p>If you run an online business, or operate a business website of any kind, you know you need to be aware of the potential security threats to your site and, through that, to your business.<\/p>\n<p>We laid out a comprehensive list of the reasons you should take cybersecurity seriously, <a href=\"https:\/\/www.heartinternet.uk\/blog\/top-cybersecurity-risks-facing-your-business-and-how-to-stay-secure\/\">here<\/a>. And, today, we\u2019re concentrating on one of the many techniques you can employ to protect yourself.<\/p>\n<p>A Content Security Policy (CSP) is a layer of security you can add to your site to help defend against certain types of attacks. A CSP can stop modern browsers from executing malicious scripts that are injected into your site.<\/p>\n<p>The World Wide Web Consortium (W3) &#8211; which was founded by web-pioneer Tim Berners-Lee &#8211; is the standards organisation for the World Wide Web. <a href=\"https:\/\/www.w3.org\/TR\/CSP3\/\">W3 describes<\/a> a Content Security Policy as: \u201cA tool which developers can use to lock down their applications in various ways, mitigating the risk of content injection vulnerabilities such as cross-site scripting, and reducing the privilege with which their applications execute.\u201d<\/p>\n<p>Cross-site Scripting (XSS) attacks consist of injecting malicious client-side scripts into your website, then using your website to spread the scripts to other users.<\/p>\n<p>Client-side scripts are programs that are downloaded and run by the browser. Their functions can be as simple as flashing up an alert message in your website, to animating images, mining cryptocurrencies or showing pop-ups for embarrassing medical products.<\/p>\n<h3>Injecting malicious scripts into vulnerable websites<\/h3>\n<p>It\u2019s important to understand that, when attackers find a website vulnerable to XSS attacks, they have two ways of injecting malicious scripts into it:<\/p>\n<p><strong>1. Inline script:<\/strong> Attackers can add their code directly into your website\u2019s HTML.<\/p>\n<p><strong>2. Load script from an external domain:<\/strong> Attackers load a script from multiple infected sites and modify the script when they need to.<\/p>\n<h3>XSS attacks<\/h3>\n<p>XSS attacks happen because browsers are designed to trust all requests that come from your website, inline, or from an external source. A CSP reduces the risk of XSS attacks by allowing web developers to define directives such as:<\/p>\n<p>\u25cf Execute all code coming from my domain.<br \/>\n\u25cf Execute all code coming from an external trusted domain and subdomains.<br \/>\n\u25cf Do not execute JavaScript.<\/p>\n<h3>Defining and delivering a Content Security Policy<\/h3>\n<p>Every CSP is made up of two parts:<\/p>\n<p>Part one is a set of directives which tell the browsers of your website\u2019s visitors how to control specific resources in your website.<\/p>\n<p>Part two tells browsers whether to enforce the CSP or not.<\/p>\n<p>Here\u2019s an example of how to define a Content Security Policy around JavaScript using the script-src directive. <a href=\"https:\/\/developers.google.com\/web\/fundamentals\/security\/csp\">Google\u2019s Web <\/a>Fundamentals defines script-src as \u201ca directive that controls a set of script-related privileges for a specific page\u201d.<\/p>\n<p>So, this is an example of a directive that will prevent the execution of JavaScript in the browsers that respect the Content Security Policy:<\/p>\n<p>\u25cf Content-Security-Policy: script-src &#8216;none&#8217;<\/p>\n<p>There are two ways you can deliver this directive to the browsers of your website\u2019s visitors:<\/p>\n<p>1. <strong>Use the HTMLtag.<\/strong> This should be placed as early as possible in the HTML of your web pages. Here\u2019s how you can set the script-src directive to block all JavaScript in a &lt; meta &gt; tag &lt;meta http-equiv=&#8221;Content-Security-Policy&#8221; content=&#8221;script-src &#8216;none&#8217;;&#8221;&gt;<\/p>\n<p>2. <strong>Use a Content-Security-Policy HTTP Response Header.<\/strong> For example, if you use Apache, you can define the CSP in the httpd.conf, VirtualHost, or .htaccess files of your site. Just add it like this, to achieve the same result of blocking all JavaScript: Header set Content Security-Policy \u201cscript-src &#8216;none&#8217;;\u201d<\/p>\n<p>This second method is considered more secure and is the way W3 recommends for serving CSPs.<\/p>\n<h3>Examples of Content Security Policies<\/h3>\n<p>The complete list of directives you can use is available at <a href=\"https:\/\/www.w3.org\/TR\/CSP3\/#csp-directives\">W3\u2019s website<\/a>, but here are a few choice examples:<\/p>\n<p>\u25cf <strong>script-src<\/strong> This will restrict the location from which scripts are executed, it will also block inline scripts and the eval() function.<br \/>\n<strong>\u25cf media-src<\/strong> This will restrict the location from which video, audio, and associated text track resources are loaded.<br \/>\n\u25cf <strong>frame-src<\/strong> This will restrict the location from which iFrames are loaded.<br \/>\n\u25cf <strong>img-src<\/strong> This will restrict the location from which images are loaded.<br \/>\n\u25cf <strong>font-src<\/strong> This will restrict the location from which font files are loaded.<br \/>\n\u25cf <strong>style-src<\/strong> This will restrict the location from which .css files are loaded (and also block inline styles).<\/p>\n<p>Now, here are a few examples of the keywords\/values you can set your directives to:<\/p>\n<p>\u25cf <strong>\u2018none\u2019<\/strong> This will match nothing \u2013 meaning that all elements controlled by the directive will be blocked (as in our JavaScript example, above).<br \/>\n\u25cf <strong>\u2018self\u2019<\/strong> This will match the current URL\u2019s origin (the URL of your website).<br \/>\n\u25cf <strong>\u2018https:\/\/\u2019<\/strong> This will match all resources loading over HTTPS.<\/p>\n<p>Now, let\u2019s see how these operate in practice, with some examples:<\/p>\n<p>1: CSP allowing only JavaScript hosted in your site:<\/p>\n<p>Content-Security-Policy: script-src &#8216;self&#8217;<\/p>\n<p>2: CSP allowing only JavaScript and images hosted on your site:<\/p>\n<p>Content-Security-Policy: script-src &#8216;self&#8217;; img-src \u2018self\u2019;<\/p>\n<p>3: CSP allowing only JavaScript hosted on your site and cdn.trustedorigin.net but images hosted everywhere:<\/p>\n<p>Content-Security-Policy: script-src &#8216;self&#8217; cdn.trustedorigin.net; img-src *;<\/p>\n<p>4: CSP blocking iFrames in your site:<\/p>\n<p>Content-Security-Policy: frame-src \u2018none;\u2019<\/p>\n<p>5: CSP blocking all form submissions in your site:<\/p>\n<p>Content-Security-Policy form-action &#8216;none&#8217;;<\/p>\n<h3>Testing your Content Security Policies<\/h3>\n<p>It is important to know that every policy has a disposition, which is either \u201cenforce\u201d or \u201creport\u201c, where \u201cenforce\u201d applies your CSP, while the \u201creport\u201d one allows developers to experiment with the policy without actually enforcing it.<\/p>\n<p>You can do this by defining the Content-Security-Policy-Report-Only header instead of the Content-Security-Policy header, and adding the directive report-uri (which provides real-time security reporting for your site) with a URL where you would like to see reports about CSP violations. This allows you to fix any accidental violation to your policy before enforcing it, because the Content-Security-Policy-Report-Only header is not supported inside an element.<\/p>\n<h3>Securing your website with Heart Internet<\/h3>\n<p>Cross-site Scripting attacks can do serious damage to your online business. For example, the injection of unwanted malicious scripts into your site can get you blocklisted by Google . Our security partners, Sucuri, have put together a <a href=\"https:\/\/sucuri.net\/guides\/how-to-remove-google-blacklist-warning\/\">useful guide<\/a> about how you can remove Google\u2019s blocklist warnings.<\/p>\n<p>But, of course, prevention is always better than cure.<\/p>\n<p>That said, it\u2019s very important to remember that a CSP is just one weapon you have in the armoury, to defend yourself against attackers. A Content Security Policy can\u2019t defend you by itself, but only as part of your overall suite of cybersecurity measures.<\/p>\n<p>If you are looking for a complete website security solution that will monitor and protect your website, look no further than <a href=\"https:\/\/www.heartinternet.uk\/website-security\">Heart Internet Website Security<\/a> &#8211; powered by Sucuri.<\/p>\n<p>We offer daily scans, down to the server level, to ensure that any malware attempting to infect your system is stopped in its tracks. Website Security also monitors your site for symptoms such as blocklisting and issues with uptime.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A Content Security Policy (CSP) can help defend your website against cyber attacks. We explain what one is<br \/>\nare, how it works, and offer some examples.<\/p>\n","protected":false},"author":4,"featured_media":22950,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25,29],"tags":[],"class_list":{"0":"post-22940","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-web-hosting","8":"category-your-website"},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Why you need a Content Security Policy - Heart Internet<\/title>\n<meta name=\"description\" content=\"Why you need a Content Security Policy - Written by the team at Heart Internet.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.heartinternet.uk\/blog\/why-you-need-a-content-security-policy\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Why you need a Content Security Policy - Heart Internet\" \/>\n<meta property=\"og:description\" content=\"Why you need a Content Security Policy - Written by the team at Heart Internet.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.heartinternet.uk\/blog\/why-you-need-a-content-security-policy\/\" \/>\n<meta property=\"og:site_name\" content=\"Heart Internet\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/heartinternet\/\" \/>\n<meta property=\"article:published_time\" content=\"2020-09-30T09:17:59+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2020\/09\/Why-you-need-a-Content-Security-Policy-featured.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"627\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Heart Internet\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@heartinternet\" \/>\n<meta name=\"twitter:site\" content=\"@heartinternet\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Heart Internet\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.heartinternet.uk\/blog\/why-you-need-a-content-security-policy\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.heartinternet.uk\/blog\/why-you-need-a-content-security-policy\/\"},\"author\":{\"name\":\"Heart Internet\",\"@id\":\"https:\/\/heartblog.victory.digital\/#\/schema\/person\/4cf88a3a32d3dc3df684ebe5b470bb78\"},\"headline\":\"Why you need a Content Security Policy\",\"datePublished\":\"2020-09-30T09:17:59+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.heartinternet.uk\/blog\/why-you-need-a-content-security-policy\/\"},\"wordCount\":1151,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/heartblog.victory.digital\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.heartinternet.uk\/blog\/why-you-need-a-content-security-policy\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2020\/09\/Why-you-need-a-Content-Security-Policy-featured.jpg\",\"articleSection\":[\"Web Hosting\",\"Your Website\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.heartinternet.uk\/blog\/why-you-need-a-content-security-policy\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.heartinternet.uk\/blog\/why-you-need-a-content-security-policy\/\",\"url\":\"https:\/\/www.heartinternet.uk\/blog\/why-you-need-a-content-security-policy\/\",\"name\":\"Why you need a Content Security Policy - Heart Internet\",\"isPartOf\":{\"@id\":\"https:\/\/heartblog.victory.digital\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.heartinternet.uk\/blog\/why-you-need-a-content-security-policy\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.heartinternet.uk\/blog\/why-you-need-a-content-security-policy\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2020\/09\/Why-you-need-a-Content-Security-Policy-featured.jpg\",\"datePublished\":\"2020-09-30T09:17:59+00:00\",\"description\":\"Why you need a Content Security Policy - Written by the team at Heart Internet.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.heartinternet.uk\/blog\/why-you-need-a-content-security-policy\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.heartinternet.uk\/blog\/why-you-need-a-content-security-policy\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.heartinternet.uk\/blog\/why-you-need-a-content-security-policy\/#primaryimage\",\"url\":\"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2020\/09\/Why-you-need-a-Content-Security-Policy-featured.jpg\",\"contentUrl\":\"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2020\/09\/Why-you-need-a-Content-Security-Policy-featured.jpg\",\"width\":1280,\"height\":627},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.heartinternet.uk\/blog\/why-you-need-a-content-security-policy\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.heartinternet.uk\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Why you need a Content Security Policy\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/heartblog.victory.digital\/#website\",\"url\":\"https:\/\/heartblog.victory.digital\/\",\"name\":\"Heart Internet\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/heartblog.victory.digital\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/heartblog.victory.digital\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/heartblog.victory.digital\/#organization\",\"name\":\"Heart Internet\",\"url\":\"https:\/\/heartblog.victory.digital\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/heartblog.victory.digital\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2025\/02\/HeartInternet_Logo_Colour.webp\",\"contentUrl\":\"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2025\/02\/HeartInternet_Logo_Colour.webp\",\"width\":992,\"height\":252,\"caption\":\"Heart Internet\"},\"image\":{\"@id\":\"https:\/\/heartblog.victory.digital\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/heartinternet\/\",\"https:\/\/x.com\/heartinternet\",\"https:\/\/www.linkedin.com\/company\/heart-internet-ltd\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/heartblog.victory.digital\/#\/schema\/person\/4cf88a3a32d3dc3df684ebe5b470bb78\",\"name\":\"Heart Internet\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/heartblog.victory.digital\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=mm&r=g\",\"caption\":\"Heart Internet\"},\"url\":\"https:\/\/www.heartinternet.uk\/blog\/author\/heart-internet\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Why you need a Content Security Policy - Heart Internet","description":"Why you need a Content Security Policy - Written by the team at Heart Internet.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.heartinternet.uk\/blog\/why-you-need-a-content-security-policy\/","og_locale":"en_GB","og_type":"article","og_title":"Why you need a Content Security Policy - Heart Internet","og_description":"Why you need a Content Security Policy - Written by the team at Heart Internet.","og_url":"https:\/\/www.heartinternet.uk\/blog\/why-you-need-a-content-security-policy\/","og_site_name":"Heart Internet","article_publisher":"https:\/\/www.facebook.com\/heartinternet\/","article_published_time":"2020-09-30T09:17:59+00:00","og_image":[{"width":1280,"height":627,"url":"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2020\/09\/Why-you-need-a-Content-Security-Policy-featured.jpg","type":"image\/jpeg"}],"author":"Heart Internet","twitter_card":"summary_large_image","twitter_creator":"@heartinternet","twitter_site":"@heartinternet","twitter_misc":{"Written by":"Heart Internet","Estimated reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.heartinternet.uk\/blog\/why-you-need-a-content-security-policy\/#article","isPartOf":{"@id":"https:\/\/www.heartinternet.uk\/blog\/why-you-need-a-content-security-policy\/"},"author":{"name":"Heart Internet","@id":"https:\/\/heartblog.victory.digital\/#\/schema\/person\/4cf88a3a32d3dc3df684ebe5b470bb78"},"headline":"Why you need a Content Security Policy","datePublished":"2020-09-30T09:17:59+00:00","mainEntityOfPage":{"@id":"https:\/\/www.heartinternet.uk\/blog\/why-you-need-a-content-security-policy\/"},"wordCount":1151,"commentCount":0,"publisher":{"@id":"https:\/\/heartblog.victory.digital\/#organization"},"image":{"@id":"https:\/\/www.heartinternet.uk\/blog\/why-you-need-a-content-security-policy\/#primaryimage"},"thumbnailUrl":"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2020\/09\/Why-you-need-a-Content-Security-Policy-featured.jpg","articleSection":["Web Hosting","Your Website"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.heartinternet.uk\/blog\/why-you-need-a-content-security-policy\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.heartinternet.uk\/blog\/why-you-need-a-content-security-policy\/","url":"https:\/\/www.heartinternet.uk\/blog\/why-you-need-a-content-security-policy\/","name":"Why you need a Content Security Policy - Heart Internet","isPartOf":{"@id":"https:\/\/heartblog.victory.digital\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.heartinternet.uk\/blog\/why-you-need-a-content-security-policy\/#primaryimage"},"image":{"@id":"https:\/\/www.heartinternet.uk\/blog\/why-you-need-a-content-security-policy\/#primaryimage"},"thumbnailUrl":"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2020\/09\/Why-you-need-a-Content-Security-Policy-featured.jpg","datePublished":"2020-09-30T09:17:59+00:00","description":"Why you need a Content Security Policy - Written by the team at Heart Internet.","breadcrumb":{"@id":"https:\/\/www.heartinternet.uk\/blog\/why-you-need-a-content-security-policy\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.heartinternet.uk\/blog\/why-you-need-a-content-security-policy\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.heartinternet.uk\/blog\/why-you-need-a-content-security-policy\/#primaryimage","url":"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2020\/09\/Why-you-need-a-Content-Security-Policy-featured.jpg","contentUrl":"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2020\/09\/Why-you-need-a-Content-Security-Policy-featured.jpg","width":1280,"height":627},{"@type":"BreadcrumbList","@id":"https:\/\/www.heartinternet.uk\/blog\/why-you-need-a-content-security-policy\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.heartinternet.uk\/blog\/"},{"@type":"ListItem","position":2,"name":"Why you need a Content Security Policy"}]},{"@type":"WebSite","@id":"https:\/\/heartblog.victory.digital\/#website","url":"https:\/\/heartblog.victory.digital\/","name":"Heart Internet","description":"","publisher":{"@id":"https:\/\/heartblog.victory.digital\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/heartblog.victory.digital\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/heartblog.victory.digital\/#organization","name":"Heart Internet","url":"https:\/\/heartblog.victory.digital\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/heartblog.victory.digital\/#\/schema\/logo\/image\/","url":"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2025\/02\/HeartInternet_Logo_Colour.webp","contentUrl":"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2025\/02\/HeartInternet_Logo_Colour.webp","width":992,"height":252,"caption":"Heart Internet"},"image":{"@id":"https:\/\/heartblog.victory.digital\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/heartinternet\/","https:\/\/x.com\/heartinternet","https:\/\/www.linkedin.com\/company\/heart-internet-ltd"]},{"@type":"Person","@id":"https:\/\/heartblog.victory.digital\/#\/schema\/person\/4cf88a3a32d3dc3df684ebe5b470bb78","name":"Heart Internet","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/heartblog.victory.digital\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=mm&r=g","caption":"Heart Internet"},"url":"https:\/\/www.heartinternet.uk\/blog\/author\/heart-internet\/"}]}},"_links":{"self":[{"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/posts\/22940","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/comments?post=22940"}],"version-history":[{"count":0,"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/posts\/22940\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/media\/22950"}],"wp:attachment":[{"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/media?parent=22940"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/categories?post=22940"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/tags?post=22940"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}