# Browser-Level Protection

#### Content Security Policy (CSP)

MyBucks.online implements a strict Content Security Policy (CSP) to provide an essential layer of defense against Cross-Site Scripting (XSS) and data injection attacks. This policy instructs your browser to execute only scripts that are explicitly authorized and served from our own verified domain (`script-src 'self'`).

Because our wallet is entirely self-custodial and runs in your local environment, the CSP is configured to block all unauthorized third-party connections. This prevents malicious actors from injecting scripts that could attempt to capture your credentials or exfiltrate sensitive data. By enforcing these restrictions at the browser level, we ensure that the wallet's code remains isolated and secure during your entire session.

Minimizing third-party JavaScript dependencies is a core security baseline for our project, significantly reducing the attack surface for XSS and malicious injections.

#### Actual CSP Header

```
default-src 'self';
script-src 'self';
style-src 'self' 'unsafe-inline';
img-src 'self' data: blob: https://cdn.moralis.io https://logo.moralis.io https://assets.coingecko.com https://beaverbuild.com https://opensea.io;
font-src 'self' data:;
connect-src https://*.infura.io https://api.trongrid.io https://deep-index.moralis.io https://api.blockchain.info https://bsc-dataseed.binance.org https://gasstation.polygon.technology;
object-src 'none';
base-uri 'self';
form-action 'self';
frame-ancestors 'none';
upgrade-insecure-requests;
```

We have removed `'self'` from the `connect-src` directive in our Content Security Policy (CSP). Since mybucks.online is a fully static, browser-only application with no backend under the same origin, the wallet never needs to make requests to its own origin, so this keyword was unnecessary.
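To see what the header above actually permits, the following added example (not code from the MyBucks.online project) parses the policy, answers "may this directive load this URL?" the way a browser would, including the `default-src` fallback and the `*.infura.io` wildcard, and runs a few baseline checks a reviewer would apply. The page origin `https://app.mybucks.online` is taken from this page; the shortened `img-src` list and the sample URLs are constructed.

```javascript
// Constructed sample: the header quoted above as one header value (img-src list shortened).
const CSP_HEADER =
  "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; " +
  "img-src 'self' data: blob: https://cdn.moralis.io https://assets.coingecko.com; " +
  "connect-src https://*.infura.io https://api.trongrid.io https://deep-index.moralis.io; " +
  "object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; " +
  "upgrade-insecure-requests";

// Parse "directive src ...; directive ..." into { directive: [sources] }.
function parseCsp(header) {
  const policy = {};
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length) policy[tokens[0].toLowerCase()] = tokens.slice(1);
  }
  return policy;
}

// Does one source expression permit `url` for a page served from `pageOrigin`? Covers 'none',
// 'self', scheme sources (data:, blob:) and host sources; "*." matches subdomains only.
function sourceMatches(src, url, pageOrigin) {
  if (src === "'none'") return false;
  if (src === "'self'") return url.origin === pageOrigin;
  if (src.endsWith(":")) return url.protocol === src;
  const m = /^(https?):\/\/(\*\.)?([^/:]+)$/.exec(src);
  if (!m || url.protocol !== m[1] + ":") return false;
  return m[2] ? url.hostname.endsWith("." + m[3]) : url.hostname === m[3];
}

// Fetch directives (script-src, connect-src, img-src, frame-src, ...) fall back to default-src.
function allows(policy, directive, urlString, pageOrigin) {
  const url = new URL(urlString);
  const sources = policy[directive] ?? policy["default-src"] ?? [];
  return sources.some((s) => sourceMatches(s, url, pageOrigin));
}

// Baseline a reviewer would check on a wallet's CSP; returns the list of findings.
function auditCsp(policy) {
  const has = (d, v) => (policy[d] ?? []).includes(v);
  const script = policy["script-src"] ?? policy["default-src"] ?? [];
  const findings = [];
  if (script.some((s) => ["'unsafe-inline'", "'unsafe-eval'", "*"].includes(s)))
    findings.push("script-src permits inline, eval or wildcard scripts");
  if (!has("object-src", "'none'")) findings.push("object-src is not 'none'");
  if (!has("frame-ancestors", "'none'")) findings.push("frame-ancestors is not 'none'");
  if (!policy["base-uri"]) findings.push("base-uri is missing");
  if (has("style-src", "'unsafe-inline'")) findings.push("style-src includes 'unsafe-inline'");
  return findings;
}
```

Run against the header above, `allows` returns false for a `connect-src` request to `https://app.mybucks.online`, which is exactly the effect of dropping `'self'` described above, and `auditCsp` reports only that `style-src` carries `'unsafe-inline'`.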

#### Independent Security Verification

We encourage users to independently verify our security configuration using the **Mozilla Observatory**. This is a free, open-source tool provided by Mozilla that scans websites and reports whether they follow modern security best practices, such as a correctly implemented **Content Security Policy** (CSP) and secure transport protocols.

By running a scan, you can view our current security grade and confirm that we have strictly restricted resource loading to protect your session. You can perform a live security audit of our domain at any time by visiting the [Mozilla Observatory](https://developer.mozilla.org/en-US/observatory) and entering **app.mybucks.online**.

