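# Content-Security-Policy headers for an nginx-served WordPress site.
#
# Please note: 'unsafe' declarations like 'unsafe-inline' should not be used, as XSS would be allowed.
# I have added 'unsafe' declarations as WordPress themes and plugins rely on them, and I am
# investigating a proper minify solution.
#
# Review notes on the policy as written:
#   * 'unsafe-inline' and 'unsafe-eval' in script-src remove most of the XSS protection CSP offers.
#     The data: source in script-src has the same effect, because injected markup can then load
#     script from a data: URI. Nonces or hashes are the replacement once inline scripts are gone.
#   * Wildcard hosts (*.google.com, *.googleapis.com, ...) allow every script served from any
#     subdomain. List the exact hosts the site loads from instead.
#   * base-uri, form-action and frame-ancestors do not fall back to default-src, so they are
#     unrestricted here. Consider setting them explicitly after testing in Report-Only mode.
#   * /csp-report.php receives JSON posted by browsers. Treat it as untrusted input and rate-limit it.
#
# nginx specifics:
#   * The header name is written without a trailing colon; nginx adds the separator itself, so
#     "Content-Security-Policy:" would be sent with a malformed name and ignored by browsers.
#   * Each policy is kept on one line. A quoted value spanning several lines is sent with the
#     line breaks inside the header value, which clients are not required to accept.
#   * Without the "always" parameter, add_header applies only to a fixed set of success and
#     redirect status codes, so error pages are served without the policy.
#   * add_header directives are inherited from the enclosing level only when the current level
#     defines none; a location with its own add_header loses these headers.
#
# Report-Only: for testing purposes use
#   add_header Content-Security-Policy-Report-Only "…";
add_header Content-Security-Policy "default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.[YOUR-DOMAIN] *.google-analytics.com *.googletagmanager.com *.google.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.[YOUR-DOMAIN] *.googleapis.com *.bootstrapcdn.com; img-src 'self' *.[YOUR-DOMAIN] data: *.google-analytics.com *.gstatic.com *.gravatar.com *.w.org; frame-src 'self' maps.google.com pastebin.com; font-src 'self' data: *.gstatic.com *.bootstrapcdn.com; connect-src 'self' *.googletagmanager.com; report-uri /csp-report.php";

# Legacy, pre-standard header names. Only obsolete browser versions read them; they can be
# dropped once such clients no longer need to be supported. Keep them identical to the
# standard header above so the three policies cannot drift apart.
add_header X-Content-Security-Policy "default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.[YOUR-DOMAIN] *.google-analytics.com *.googletagmanager.com *.google.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.[YOUR-DOMAIN] *.googleapis.com *.bootstrapcdn.com; img-src 'self' *.[YOUR-DOMAIN] data: *.google-analytics.com *.gstatic.com *.gravatar.com *.w.org; frame-src 'self' maps.google.com pastebin.com; font-src 'self' data: *.gstatic.com *.bootstrapcdn.com; connect-src 'self' *.googletagmanager.com; report-uri /csp-report.php";
add_header X-WebKit-CSP "default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.[YOUR-DOMAIN] *.google-analytics.com *.googletagmanager.com *.google.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.[YOUR-DOMAIN] *.googleapis.com *.bootstrapcdn.com; img-src 'self' *.[YOUR-DOMAIN] data: *.google-analytics.com *.gstatic.com *.gravatar.com *.w.org; frame-src 'self' maps.google.com pastebin.com; font-src 'self' data: *.gstatic.com *.bootstrapcdn.com; connect-src 'self' *.googletagmanager.com; report-uri /csp-report.php";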