CSP & CSP Report Concatenation Issue

  • I’m encountering a Content Security Policy (CSP) / CSP Report Only issue where the Host entries in the WP Hide settings are being concatenated incorrectly, causing CSP violations in my browser. There is no written advice or instructions on how to separate hosts in these fields.

    Steps I’m taking:

    1. I enter multiple hosts (e.g., https://fonts.googleapis.com and https://use.fontawesome.com)in CSP or CSPRO fields (such as script-src or style-src)
    2. Save the settings.
    3. Check the CSP header in the browser’s Developer Tools.

    Observed Behaviour: The hosts are concatenated into a single invalid entry.

    Required output: Each host should appear as a separate entry in the CSP header.

    Please help me do this. I have tried to keep these hosts separated with many experiments but it is not working. Thank you in advance.

Viewing 1 replies (of 1 total)
  • Plugin Contributor Maya

    (@tdgu)

    Hi,
    Sorry for the issue. I think you are using the WP Hide PRO ? If so, please contact us through the plugin website and a developer will assist with the Content Security Policy security header setup.

    Thanks

Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this topic.