• Resolved AYRF

    (@ayrf)


    Hey there,

    PageSpeed Insights is telling me that…

    a. “script-src” is missing.
    b. “object-src” is missing, too, and I should set it to “none”.

    Will you add this to your plug-in or can you tell me how to work around?

    Chris


Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Andrea Ferro

    (@unicorn03)

    Hi @ayrf, thank you for using the plugin and for the feedback; this allows me to optimize the plugin more and more and offer quick assistance to everyone.

    Sure! Here’s an explanation of how to add CSP rules using the two widely used and recommended tools for Firefox and Chrome:

    1. Content Security Policy Gen (Firefox):
    • Install the “Content Security Policy Gen” extension from this link in your Firefox browser.
    • After installation, visit the website for which you want to generate CSP rules.
    • Click on the extension icon in the browser toolbar to initiate the site scan.
    • The extension will scan the website and generate recommended CSP rules based on the resources present on the site.
    • Copy the generated CSP rules from the extension’s output.

    2. Content Security Policy Checker (Chrome):
    • Install the “Content Security Policy Checker” extension from this link in your Google Chrome browser.
    • Access the website for which you want to generate CSP rules.
    • Click on the extension icon in the browser toolbar to initiate the site scan.
    • The extension will scan the website and generate recommended CSP rules based on the resources present on the site.
    • Copy the generated CSP rules from the extension’s output.

    Once you have obtained the CSP rules from one of the tools, follow these steps to add them using the “Headers Security Advanced & HSTS WP” plugin:

    1. Access the Plugin Settings:
    • In your WordPress website, log in to the administration area and navigate to the installed plugins section.
    • Find and click on the “Headers Security Advanced & HSTS WP” plugin to access its settings.

    2. Configure the CSP Header:
    • Inside the plugin settings, look for the “CSP Header” option and click on it to open the CSP rules configuration section.

    3. Paste the CSP Rules:
    • In the CSP Header section, you’ll find a field where you can paste the CSP rules generated previously by the tool.
    • Paste the rules into the designated field, ensuring they are correctly formatted.

    4. Save the Changes:
    • After pasting the CSP rules, click on “Save” or “Update” to apply the changes.

    By using the recommended tools, you can generate specific CSP rules for your site, ensuring enhanced security and avoiding the implementation of unnecessary rules.

    At the core of my plugin’s mission: ‘Security is a right, not a privilege.’ Rest assured, the security solution is completely free and simple without complicated or endless configurations. Protect your website with security and ease.

    Hi there,

    I had the same problem and was glad to find this solution.
    My site is built with Elementor. Unfortunately this way of adding CSP rules breaks my layout.
    Is it a known problem that CSP doesn’t go well with page builders like Elementor, or should it be possible to have a basic CSP despite using Elementor? Do I maybe have to whitelist or include some exceptions? Is this possible with the plugin?

    Thanks
    Oliver
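
Added example (not part of the thread and not the plugin's code): a small Python check to run on a generated policy string before pasting it into the plugin's CSP field, covering the two findings from the original question (script-src missing, object-src not set to 'none'). It follows the CSP rule that both directives fall back to default-src, so its verdict may differ from what PageSpeed Insights reports, and it goes one step further by flagging 'unsafe-inline' in script-src; the function names and sample policies are constructed for illustration.

```python
# Added example, not the plugin's code. Sample policies are constructed.

def parse_csp(policy):
    """Split a serialized policy into {directive: [source expressions]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if not tokens:
            continue  # empty segment, e.g. after a trailing ';'
        # Directive names are case-insensitive; a repeated directive is
        # ignored by browsers, so the first occurrence wins.
        directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def effective(directives, name):
    """Source list governing `name`; falls back to default-src, else None."""
    return directives.get(name, directives.get("default-src"))


def audit(policy):
    """Return a list of findings; an empty list means the checks pass."""
    d = parse_csp(policy)
    findings = []

    script = effective(d, "script-src")
    if script is None:
        findings.append("script-src missing")
    else:
        lowered = [s.lower() for s in script]
        has_nonce_or_hash = any(
            s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-"))
            for s in lowered
        )
        # Browsers ignore 'unsafe-inline' when a nonce or hash is present.
        if "'unsafe-inline'" in lowered and not has_nonce_or_hash:
            findings.append("script-src allows 'unsafe-inline'")

    obj = effective(d, "object-src")
    if obj is None:
        findings.append("object-src missing")
    elif [s.lower() for s in obj] not in ([], ["'none'"]):
        findings.append("object-src is not 'none'")
    return findings


if __name__ == "__main__":
    for sample in ("img-src 'self'", "default-src 'self'; object-src 'none'"):
        print(sample, "->", audit(sample) or "ok")
```
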
