Tag Archives: content security policy

Content-Security-Policy for WordPress with Disqus…

…that works in nginx:

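# Allow the Disqus hosts for scripts, images, styles and frames; everything else is limited to 'self'.
# 'unsafe-inline' only has meaning for scripts and styles; browsers ignore it in frame-src.
add_header Content-Security-Policy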
    "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' agilob.disqus.com disqus.com a.disquscdn.com referrer.disqus.com;
      img-src 'self' agilob.disqus.com disqus.com a.disquscdn.com referrer.disqus.com;
      style-src 'self' 'unsafe-inline' agilob.disqus.com disqus.com a.disquscdn.com referrer.disqus.com;
      font-src 'self';
      frame-src 'self' 'unsafe-inline' agilob.disqus.com disqus.com a.disquscdn.com referrer.disqus.com;
      object-src 'none'";
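
The policy above can be checked mechanically before it is deployed. The following Python is an added example, not code from the original post: it parses the same policy string and reports the script-src keywords that allow inline and eval'd script, keywords placed in directives where browsers ignore them, and directives that default-src does not cover. The function names and finding texts are assumptions made for this example.

```python
# Added example: static audit of the policy string from the nginx snippet.
DISQUS = "agilob.disqus.com disqus.com a.disquscdn.com referrer.disqus.com"
POLICY = (
    f"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' {DISQUS}; "
    f"img-src 'self' {DISQUS}; style-src 'self' 'unsafe-inline' {DISQUS}; "
    f"font-src 'self'; frame-src 'self' 'unsafe-inline' {DISQUS}; object-src 'none'"
)

# Keywords that weaken script restrictions, with the behaviour each one permits.
SCRIPT_RISKS = {
    "'unsafe-inline'": "inline <script> blocks and event-handler attributes may run",
    "'unsafe-eval'": "eval() and similar string-to-code calls may run",
}
# Directives in which the keywords above are evaluated; elsewhere they match nothing.
KEYWORD_DIRECTIVES = {"default-src", "script-src", "script-src-elem", "script-src-attr",
                      "style-src", "style-src-elem", "style-src-attr"}
# Directives that never inherit from default-src.
NO_FALLBACK = ("base-uri", "form-action", "frame-ancestors")


def parse_csp(policy):
    """Split a serialized policy into {directive: [sources]}; the first duplicate wins."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def audit(policy):
    """Return a list of (directive, token, note) findings for a CSP string."""
    d = parse_csp(policy)
    findings = []
    # Effective script source list: script-src, or default-src when it is absent.
    script_sources = d.get("script-src", d.get("default-src", []))
    for kw, note in SCRIPT_RISKS.items():
        if kw in script_sources:
            findings.append(("script-src", kw, note))
    for name, sources in d.items():
        for kw in SCRIPT_RISKS:
            if kw in sources and name not in KEYWORD_DIRECTIVES:
                findings.append((name, kw, "keyword is ignored in this directive"))
    for name in NO_FALLBACK:
        if name not in d:
            findings.append((name, None, "not set, and default-src does not cover it"))
    return findings


if __name__ == "__main__":
    for directive, token, note in audit(POLICY):
        print(f"{directive:16} {token or '-':16} {note}")
```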