This topic has 4 replies, 3 voices, and was last updated 3 years, 10 months ago ago by Muhammad Zaki
Hello guys,
I would like to add Content-Security-Policy header to my website. However, it was messed my website content. How do i apply it safely or you guys has it for xStore theme?
Here is what i used:
Header always set Content-Security-Policy “default-src ‘self’; font-src *;img-src * data:; script-src *; style-src *;”
Hello,
Where did you use that? Did you try https://wordpress.org/plugins/wp-simple-firewall/ plugin to implement Content-Security-Policy header?
Regards
Hi Olga,
I have added it to Apache directive settings on my domain. Shield Security is great, but not free…lol. Im looking for independency solution.
Hello!
Setting up the CSP header is a very complex and difficult task. The plugins used on the site may have different settings so there are no general standards.
So first of all to set up CSP headers, I would suggest you please use this plugin:https://wordpress.org/plugins/content-security-policy-pro/. It also gives the option to disable the CSP on the back-end so no plugin conflict arises.
I have personally not tested it but it seems effective in defining CSP and has a simple interface. Please also remember that it is a third-party plugin and we do not guarantee that it will work with your setup but you can give it a try.
Another way is to add the CSP rules to the .htaccess file. You will have to add rules for google font, analytics, etc.
I see this detailed document you can take help from for adding your rules to .htaccess.
https://walterebert.com/blog/using-csp-wordpress/
Please let me know if you have any concerns regarding this, we would love to assist you.
Thank you!
You must be logged in to reply to this topic.Log in/Sign up