I would like to add a Content-Security-Policy header to my website. However, it messed up my website content. How do I apply it safely, or do you guys have it for the xStore theme?
Here is what I used:
Header always set Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *;"
Theme version: 7.2.5
I have added it to the Apache directive settings on my domain. Shield Security is great, but not free…lol. I'm looking for an independent solution.
Setting up the CSP header is a very complex and difficult task. The plugins used on the site may have different settings so there are no general standards.
So first of all, to set up CSP headers, I would suggest you please use this plugin: https://wordpress.org/plugins/content-security-policy-pro/. It also gives the option to disable the CSP on the back-end so no plugin conflict arises.
I have personally not tested it but it seems effective in defining CSP and has a simple interface. Please also remember that it is a third-party plugin and we do not guarantee that it will work with your setup but you can give it a try.
Another way is to add the CSP rules to the .htaccess file. You will have to add rules for Google Fonts, analytics, etc.
I see this detailed document you can use for help with adding your rules to .htaccess.
Please let me know if you have any concerns regarding this, we would love to assist you.
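As an added example (not part of the original thread or the theme's code), the following Python sketch evaluates the policy posted in the question against a constructed list of resources a WordPress page typically loads, and reports which ones that policy refuses. The origin `https://shop.example`, the resource list and the simplified matcher are assumptions made for illustration; real browsers implement the full CSP matching rules.

```python
from urllib.parse import urlsplit

POSTED = "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *;"
PAGE_ORIGIN = "https://shop.example"  # assumption: placeholder site origin

# Constructed sample of what a WordPress page typically loads: (directive, resource).
RESOURCES = [
    ("script-src", "https://shop.example/wp-includes/js/jquery/jquery.min.js"),
    ("script-src", "inline"),                      # <script>...</script> in the page
    ("style-src", "https://fonts.googleapis.com/css2?family=Roboto"),
    ("style-src", "inline"),                       # <style> blocks, style="" attributes
    ("font-src", "https://fonts.gstatic.com/s/roboto/font.woff2"),
    ("font-src", "data:font/woff2;base64,AAAA"),   # icon font embedded in CSS
    ("img-src", "data:image/png;base64,AAAA"),
    ("connect-src", "https://www.google-analytics.com/g/collect"),
]

def parse_policy(policy):
    """Split a policy into {directive: [source expressions]}; first occurrence wins."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in directives:
            directives[tokens[0].lower()] = tokens[1:]
    return directives

def allowed(directives, directive, resource):
    """Simplified matcher: no nonces, hashes, wildcard hosts, ports or paths.
    The fetch directives used here fall back to default-src when absent."""
    sources = directives.get(directive, directives.get("default-src"))
    if sources is None:
        return True                                # nothing restricts this type
    if resource == "inline":
        return "'unsafe-inline'" in sources        # '*' never covers inline code
    url = urlsplit(resource)
    origin = f"{url.scheme}://{url.netloc}"
    for src in sources:
        if src == "*" and url.scheme in ("http", "https"):
            return True                            # '*' excludes data:, blob:, etc.
        if src == "'self'" and origin == PAGE_ORIGIN:
            return True
        if src == url.scheme + ":" or src == origin:
            return True                            # scheme source or exact origin
    return False

def blocked(policy, resources=RESOURCES):
    """Return the (directive, resource) pairs the policy would refuse."""
    directives = parse_policy(policy)
    return [(d, r) for d, r in resources if not allowed(directives, d, r)]
```

Calling `blocked(POSTED)` lists the inline script, the inline style, the `data:` font and the analytics request. Sending a candidate policy as `Content-Security-Policy-Report-Only` first makes the browser log such violations in the console without blocking anything.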