Title: avoid data uri&#8217;s for frame-src
Last modified: April 28, 2020

---

# avoid data uri’s for frame-src

 *  Resolved [JohnRDOrazio](https://wordpress.org/support/users/lwangaman/)
 * (@lwangaman)
 * [6 years, 1 month ago](https://wordpress.org/support/topic/avoid-data-uris-for-frame-src/)
 * I have been tightening up security on my websites, and have set HSTS headers 
   which allow for jetpack.wordpress.com and widgets.wp.com for frame-src attributes.
   However I recently started getting an error:
 * `Refused to frame '' because it violates the following Content Security Policy
   directive: "frame-src https: jetpack.wordpress.com widgets.wp.com".`
 * Upon inspection, I see that jetpack is using an image data uri for the “like”
   iframe. Would it be possible to avoid using data uri’s as src of iframes? Perhaps
   just install the image locally and use the local file as frame-src (I’m guessing
   this is for lazy loading, until the actual source of the iframe is loaded from
   jetpack.wordpress.com).
    -  This topic was modified 6 years, 1 month ago by [JohnRDOrazio](https://wordpress.org/support/users/lwangaman/).

Viewing 1 replies (of 1 total)

 *  Plugin Support [KokkieH](https://wordpress.org/support/users/kokkieh/)
 * (@kokkieh)
 * [6 years, 1 month ago](https://wordpress.org/support/topic/avoid-data-uris-for-frame-src/#post-12749884)
 * Hi there,
 * Where exactly are you seeing data URIs? Inspecting the Like iframe in my browser
   I only see regular URLs for the different `src` attributes.
 * In any case, this sounds like a question for our developers, more than a support
   issue, so would you perhaps consider filing a GitHub issue instead where you 
   can provide more details on this?
 * [https://github.com/Automattic/jetpack/issues](https://github.com/Automattic/jetpack/issues)
 * If you have an idea on how to make this change you’re also more than welcome 
   to start your own pull request with a proposed fix.

Viewing 1 replies (of 1 total)

The topic ‘avoid data uri’s for frame-src’ is closed to new replies.

 * ![](https://ps.w.org/jetpack/assets/icon.svg?rev=2819237)
 * [Jetpack - WP Security, Backup, Speed, & Growth](https://wordpress.org/plugins/jetpack/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/jetpack/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/jetpack/)
 * [Active Topics](https://wordpress.org/support/plugin/jetpack/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/jetpack/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/jetpack/reviews/)

## Tags

 * [data URI](https://wordpress.org/support/topic-tag/data-uri/)
 * [headers](https://wordpress.org/support/topic-tag/headers/)

 * 1 reply
 * 2 participants
 * Last reply from: [KokkieH](https://wordpress.org/support/users/kokkieh/)
 * Last activity: [6 years, 1 month ago](https://wordpress.org/support/topic/avoid-data-uris-for-frame-src/#post-12749884)
 * Status: resolved