Adding CSP to a Wordpress Droplet

Question

I have tried multiple ways of adding CSP and other security measures to my .htaccess, but I was wondering if this is the best way to do this. I can’t seem to even get it working with the .htaccess file.

Answer 1

jtittle1 April 17, 2017

@brendonray

You may want to take a look at https://content-security-policy.com/ for examples.

For Apache, you should be able to use the following in either your VirtualHost or .htaccess file.

Header set Content-Security-Policy "default-src 'self';"

There’s also an example by HTML 5 Boilerplate, which is set in the VirtualHost.

<IfModule mod_headers.c>

    Header set Content-Security-Policy "script-src 'self'; object-src 'self'"

    # `mod_headers` cannot match based on the content-type, however,
    # the `Content-Security-Policy` response header should be send
    # only for HTML documents and not for the other resources.

    <FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$">
        Header unset Content-Security-Policy
    </FilesMatch>

</IfModule>

Reply Report

Related

Question

Adding CSP to a Wordpress Droplet

Related

Leave a comment

Looking for something else?

Sign up for our newsletter

Related

Question

Adding CSP to a Wordpress Droplet

Related

Leave a comment

Related

question

How do i resolve Server Error 500

question

FTP Not Working

question

Any body help me out to install godaddy ssl for ubuntu server

question

Redirect not working when using https

Looking for something else?