Skip to main content

Gmail now supports Content Security Policy to prevent extensions from loading unsafe code

Google has made several strides to improve the safety and reliability of Gmail in the past year, such as serving images through secure proxy servers and requiring an encrypted HTTPS connection. Looking to continue to that trend, Google announced on Tuesday that it has improved the security of Gmail on the desktop by adding support for Content Security Policy (CSP).

CSP is designed to stop extensions that behave badly, load code that interferes with a Gmail session or contain malware that compromises your email security by preventing unsafe code from being loaded. Google claims that most popular extensions have already been updated to work properly with the CSP standard, and recommends that users upgrade any extensions that may be having issues.

Gmail is one of the more secure email services available, with Google having always encrypted emails using Transport Layer Security (TLS). Earlier this year, Google introduced an end-to-end encryption tool and encouraged other mail providers to add encryption for both sent and received emails. Additional security tips can be found through the Google Security Center.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications