CSP-ANTS&ST


Adds a nonce to each script and style tag, and sets those nonces in the CSP header.

Author: Pascal CESCATO (profile at wordpress.org)
WordPress version required: 5.9
WordPress version tested: 5.9.3
Plugin version: 1.1.1
Added to WordPress repository: 21-04-2022
Last updated: 21-04-2022
Warning! This plugin has not been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.
Rating, %: 70
Rated by: 4
Plugin URI:
Total downloads: 1 033
Active installs: 100+

For a perfectly secured website, you have to avoid ‘unsafe-eval’ and ‘unsafe-inline’ in your Content-Security-Policy header.
This plugin adds nonces to script and style tags and adds those nonces to the Content-Security-Policy header, so your website will be more secure, although other measures are still needed for very strong protection.

Features

There are no settings; it’s a plug-and-play plugin.
This plugin automatically:
– adds a nonce to each script and style tag and a sha256 hash to inline events (onload / onclick)
– generates the Content Security Policy header with all nonces and hashes + basics (base-uri ‘self’, google fonts, gravatar, maxcdn.bootstrapcdn…)
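
The feature list above, sketched as an added example; this is not the plugin's own code. The function name `csp_nonce_page`, the regex-based tag matching, and the sample page are assumptions made for illustration.

```php
<?php
// Added illustration, not the plugin's code. Regex matching on HTML is a
// simplification; a real filter would use an HTML parser.
function csp_nonce_page(string $html): array
{
    // One unpredictable nonce per response. If a page cache stores the
    // rewritten HTML, the same nonce is replayed to every visitor.
    $nonce = base64_encode(random_bytes(16));

    // Add nonce="..." to every <script> and <style> opening tag that lacks one.
    $html = preg_replace_callback(
        '/<(script|style)\b(?![^>]*\bnonce=)([^>]*)>/i',
        fn($m) => '<' . $m[1] . ' nonce="' . $nonce . '"' . $m[2] . '>',
        $html
    );

    // Hash the decoded value of each inline event handler (onload, onclick, ...).
    $hashes = [];
    preg_match_all('/\son[a-z]+\s*=\s*"([^"]*)"/i', $html, $matches);
    foreach ($matches[1] as $handler) {
        $code = html_entity_decode($handler, ENT_QUOTES | ENT_HTML5);
        $hashes["'sha256-" . base64_encode(hash('sha256', $code, true)) . "'"] = true;
    }

    $script_src = ["'nonce-$nonce'"];
    if ($hashes) {
        // Browsers honour hashes for event handler attributes only when
        // 'unsafe-hashes' is present in the directive.
        $script_src[] = "'unsafe-hashes'";
        $script_src = array_merge($script_src, array_keys($hashes));
    }
    $policy = "base-uri 'self'; script-src " . implode(' ', $script_src)
            . "; style-src 'nonce-$nonce'";

    return [$html, $policy];
}

// Constructed sample page.
$page = '<html><head><style>p{color:red}</style></head>'
      . '<body onload="init()"><script>function init(){}</script></body></html>';
[$out, $policy] = csp_nonce_page($page);
echo "Content-Security-Policy: $policy\n$out\n";
```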

Tested and working with: no cache system, WP Rocket on Plesk (Nginx/Apache web server), and LSCache (OpenLiteSpeed/LiteSpeed web server).
Should work elsewhere; just let me know and I’ll add your setup to this list.

Requirements

  • WordPress 5.0 or higher.
