How can PHP headers be used to implement a Content Security Policy in WordPress?
Content Security Policy (CSP) is a security standard that helps prevent cross-site scripting (XSS) attacks by allowing website owners to control which resources can be loaded on their site. In WordPress, you can implement a CSP using PHP headers to specify the allowed sources for scripts, stylesheets, images, fonts, and other resources.
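// Send the policy with each response: one directive per resource type,
// each listing the origins that type may load from.
function add_content_security_policy_header() {
    header("Content-Security-Policy: default-src 'self'; script-src 'self' https://example.com; style-src 'self' https://fonts.googleapis.com; img-src 'self' https://example.com; font-src 'self' https://fonts.gstatic.com");
}
// 'send_headers' fires while WordPress is sending its HTTP headers, before any page output.
add_action('send_headers', 'add_content_security_policy_header');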
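The same policy built from a directive map, with a per-request script nonce and a report-only switch for trial rollout. This is an added example, not code from the original page: the `example_` function names and the `CSP_REPORT_ONLY` constant are hypothetical, and it assumes WordPress 5.7 or later for the two script-attribute filters.

```php
<?php
// Added example, not from the original page. The example_* names and the
// CSP_REPORT_ONLY constant are hypothetical.

// One nonce per request, shared by the header and the script tags.
function example_csp_nonce() {
    static $nonce = null;
    if ($nonce === null) {
        $nonce = base64_encode(random_bytes(16));
    }
    return $nonce;
}

// Turn a directive => sources map into a policy string.
function example_csp_build(array $directives) {
    $parts = array();
    foreach ($directives as $name => $sources) {
        $parts[] = trim($name . ' ' . implode(' ', array_unique($sources)));
    }
    return implode('; ', $parts);
}

function example_csp_send_header() {
    if (headers_sent()) {
        return; // Output already started; header() would only raise a warning.
    }
    $policy = example_csp_build(array(
        'default-src' => array("'self'"),
        'script-src'  => array("'self'", 'https://example.com', "'nonce-" . example_csp_nonce() . "'"),
        'style-src'   => array("'self'", 'https://fonts.googleapis.com'),
        'img-src'     => array("'self'", 'https://example.com'),
        'font-src'    => array("'self'", 'https://fonts.gstatic.com'),
    ));
    // Report-Only: the browser logs violations but does not block anything.
    $report_only = defined('CSP_REPORT_ONLY') && CSP_REPORT_ONLY;
    $name = $report_only ? 'Content-Security-Policy-Report-Only' : 'Content-Security-Policy';
    header($name . ': ' . $policy);
}
add_action('send_headers', 'example_csp_send_header');

// Stamp the nonce on script tags WordPress prints through its tag helpers.
function example_csp_add_nonce(array $attributes) {
    $attributes['nonce'] = example_csp_nonce();
    return $attributes;
}
add_filter('wp_script_attributes', 'example_csp_add_nonce');
add_filter('wp_inline_script_attributes', 'example_csp_add_nonce');
```

Script tags hard-coded in theme or plugin templates do not pass through these filters, so they need the nonce attribute added by hand or they will be blocked once the policy is enforced.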