Adds a nonce to each script and style tag and sha256 hashes to inline events, and sets them in the CSP header.
Ratings: 3.5
Last updated: April 21, 2022
Version: 1.1.1
Active installations: 100
CSP-ANTS&ST

For a perfectly secured website, you have to avoid ‘unsafe-eval’ and ‘unsafe-inline’ in your Content-Security-Policy header. This plugin adds nonces to script/style tags and adds those nonces to the Content-Security-Policy header, so your website will be more secure, although there are other actions to perform in order to have very strong protection.

Features

There are no settings; it’s a plug-and-play plugin. This plugin automatically:

  • adds a nonce to each script and style tag and a sha256 hash to inline events (onload / onclick)
  • generates a Content Security Policy header with all nonces and hashes + basics (base-uri ‘self’, google fonts, gravatar, maxcdn.bootstrapcdn…)
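The rewriting described above, sketched as an added example that is not the plugin's own code: `csp_rewrite()` and the sample page are hypothetical, and the regular expressions stand in for real HTML parsing. It adds `'unsafe-hashes'` because browsers apply hashes to event-handler attributes only when that keyword is present.

```php
<?php
// Added illustration, not the plugin's source; csp_rewrite() is a hypothetical name.
function csp_rewrite(string $html, ?string $nonce = null): array
{
    // The nonce must be unpredictable and regenerated for every response.
    $nonce = $nonce ?? base64_encode(random_bytes(16));

    // 1. Add the nonce to every <script>/<style> opening tag that lacks one.
    $html = preg_replace_callback(
        '/<(script|style)\b(?![^>]*\bnonce=)([^>]*)>/i',
        fn(array $m) => sprintf('<%s nonce="%s"%s>', $m[1], $nonce, $m[2]),
        $html
    );

    // 2. Hash each double-quoted inline handler (onload, onclick, ...).
    //    Browsers hash the decoded attribute value, so decode entities first.
    $hashes = [];
    preg_match_all('/\son[a-z]+\s*=\s*"([^"]*)"/i', $html, $found);
    foreach ($found[1] as $handler) {
        $code = html_entity_decode($handler, ENT_QUOTES | ENT_HTML5, 'UTF-8');
        $hashes["'sha256-" . base64_encode(hash('sha256', $code, true)) . "'"] = true;
    }

    // 3. Build the header value from the same nonce and hashes.
    $scriptSrc = "script-src 'self' 'nonce-{$nonce}'";
    if ($hashes) {
        // Assumption beyond the page: handler hashes need 'unsafe-hashes'.
        $scriptSrc .= " 'unsafe-hashes' " . implode(' ', array_keys($hashes));
    }
    $csp = "base-uri 'self'; {$scriptSrc}; style-src 'self' 'nonce-{$nonce}'";

    return [$html, $csp];
}

// Constructed sample page, not taken from a real site.
$page = '<html><head><style>p{color:red}</style></head>'
      . '<body onload="init()"><script src="/app.js"></script>'
      . '<a href="#" onclick="track(&quot;cta&quot;)">Go</a></body></html>';

[$out, $csp] = csp_rewrite($page);
echo "Content-Security-Policy: {$csp}\n\n{$out}\n";
```

Because the nonce in the header must match the one in the markup, a page served from a full-page cache needs the header cached and replayed together with the body.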

Tested / works with no cache system, WP Rocket on Plesk (Nginx/Apache webserver) and Lscache (Openlitespeed/Litespeed webserver). Should work elsewhere; just tell me and I’ll add your setup to this list.

Requirements

  • WordPress 5.0 or higher.
Free on Creator plan
Tested up to: 5.9.9
This plugin is available for download to be used on your WordPress self-hosted installation.