
The idea is quite simple: by sending a Content Security Policy (CSP) header with a page, the website tells the browser which sources it is authorized to load and execute and which it must block. By doing this, Content Security Policy helps mitigate XSS vulnerabilities.
CSP allows a host to specify a whitelist of approved sources from which a browser may load content, and it is an effective countermeasure against XSS attacks.
Content Security Policy is delivered via an HTTP response header, much like HSTS, and defines the approved sources of content that the browser may load. It can be an effective countermeasure to Cross-Site Scripting (XSS) attacks, is widely supported by browsers and is usually easy to deploy.
CSP Directives
* default-src: Define the loading policy for all resource types when no directive dedicated to that resource type is defined (fallback),
* script-src: Define which scripts the protected resource can execute,
* object-src: Define from where the protected resource can load plugins,
* style-src: Define which styles (CSS) the user agent applies to the protected resource,
* img-src: Define from where the protected resource can load images,
* media-src: Define from where the protected resource can load video and audio,
* frame-src: Define from where the protected resource can embed frames,
* font-src: Define from where the protected resource can load fonts,
* connect-src: Define which URIs the protected resource can load using script interfaces,
* form-action: Define which URIs can be used as the action of HTML form elements,
* sandbox: Specifies an HTML sandbox policy that the user agent applies to the protected resource,
* script-nonce: Define script execution by requiring the presence of the specified nonce on script elements,
* plugin-types: Define the set of plugins that can be invoked by the protected resource by limiting the types of resources that can be embedded,
* reflected-xss: Instructs a user agent to activate or deactivate any heuristics used to filter or block reflected cross-site scripting attacks, equivalent to the effects of the non-standard X-XSS-Protection header,
* report-uri: Specifies a URI to which the user agent sends reports about policy violations
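The following Python is an added illustration, not the plugin's code: it serialises a policy built from the directives above into a header value, parses it back, and checks whether a given load is allowed under a directive, applying the default-src fallback and the 'self', 'none', scheme, host and wildcard-subdomain source forms. The hosts example.com and cdn.example.com and the /csp-report path are assumed.

```python
from urllib.parse import urlparse
# Constructed example for a page served at https://example.com (hypothetical
# host); the policy is illustrative and is not the plugin's default.

def build_csp(directives):
    """Serialise {directive: [sources]} into a Content-Security-Policy value."""
    return "; ".join(f"{name} {' '.join(srcs)}" for name, srcs in directives.items())

def parse_csp(header):
    """Parse a header value back into {directive: [sources]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def source_allows(source, url, page_origin):
    """Apply one source expression ('self', 'none', scheme:, host) to a URL."""
    u, page = urlparse(url), urlparse(page_origin)
    if source == "'self'":
        return (u.scheme, u.netloc) == (page.scheme, page.netloc)
    if source.startswith("'"):             # 'none', 'nonce-...' never match a URL
        return False
    if source == "*":                      # the wildcard never matches data:/blob:
        return u.scheme in ("http", "https", "ws", "wss")
    if source.endswith(":"):               # scheme-source such as https:
        return u.scheme == source[:-1]
    pattern = urlparse(source if "://" in source else "//" + source)
    if u.hostname is None or (pattern.scheme and pattern.scheme != u.scheme):
        return False
    if pattern.hostname.startswith("*."):  # *.example.com: subdomains only
        return u.hostname.endswith(pattern.hostname[1:])
    return pattern.hostname == u.hostname

def is_allowed(policy, directive, url, page_origin="https://example.com"):
    """Check a load against `directive`, falling back to default-src when absent."""
    sources = policy.get(directive, policy.get("default-src"))
    if sources is None:                    # neither directive set: unrestricted
        return True
    return any(source_allows(s, url, page_origin) for s in sources)

def example_policy(nonce):
    """A locked-down policy: same-origin by default, a per-response nonce for scripts."""
    return build_csp({"default-src": ["'self'"],
                      "script-src": ["'self'", "https://cdn.example.com", f"'nonce-{nonce}'"],
                      "object-src": ["'none'"],
                      "img-src": ["'self'", "https:"],
                      "report-uri": ["/csp-report"]})
```

The nonce passed to example_policy must be freshly generated for every response and echoed in the nonce attribute of each permitted inline script element; a reused nonce gives an attacker a predictable value to include.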
This plugin was written by Laxman Thapa, Web Developer.
Starting from $0 per month.