Content Security Policy – Plugin

Content Security Policy prevents content injection attacks by allowing admins to specify which sites they trust to serve JavaScript and other types of content in their site. Any content which is not explicitly allowed by the policy will be blocked from loading.

The Content Security Policy plugin provides WordPress administrators a mechanism to specify a custom policy, or adopt a recommended policy based on the types and sources of content present in their site.


  • Upload to the /wp-content/plugins/ directory and unzip
  • Activate the plugin through the 'Plugins' menu in WordPress
  • Configure a policy for your site in the 'Settings > CSP menu