Content Security Headers – setting values

  • Resolved ferda2

    (@ferda2)


    2 years, 2 months ago

    Hi, how do I set Content-Security-Policy: default-src ‘self’ example.com *.example.com? Generate CSP -> Default Source (Inline) not working. Thank you for the advice?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Kevin Pirnie

    (@kevp75)

    You would put your domains in the “Default Source” text box. It works fine on all of my sites. Can you show me both your admin side and fron-end?

    Also, I dont think you really need “Inline” checked for Default, generally it’s not a great idea to do that, I have it in there because all the other policies have it….

    Plugin Author Kevin Pirnie

    (@kevp75)

    My site showing the “Default” config and headers being set properly.

    • This reply was modified 2 years, 2 months ago by Kevin Pirnie. Reason: original images were not showing
    Thread Starter ferda2

    (@ferda2)

    Everything is fine now. Thanks.

    Plugin Author Kevin Pirnie

    (@kevp75)

    Thanks for comfirming @ferda2

    I suspect the issue was some caching maybe?

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Content Security Headers – setting values’ is closed to new replies.