CSP field settings | ww.wp.xz.cn

Resolved Trevor
(@betterwithtrevor)

2 years, 7 months ago
Hi there,

When I scan my website using PageSpeed Insights is flagging the following error related to CSP:

Severity

High – Host allowlists can frequently be bypassed. Consider using CSP nonces or hashes instead, along with ‘strict-dynamic’ if necessary.script-src

This is what I have in the CSP field:

script-src ‘self’ https://mywebsite.ca https://meet.mywebsite.ca https://googletagmanager.com;

I have cleared server cache and cloudflare cache.

What am I missing to make this warning go away? Thanks!
- This topic was modified 2 years, 7 months ago by Trevor.
- This topic was modified 2 years, 7 months ago by Trevor.

Viewing 2 replies - 1 through 2 (of 2 total)

Plugin Author Andrea Ferro
(@unicorn03)

2 years, 7 months ago

Hi, thanks for downloading the plugin I am Andrea.

I will check your issue and come back as soon as possible with the answer.
Plugin Author Andrea Ferro
(@unicorn03)

2 years, 7 months ago
Hi @betterwithtrevor, here I am back to you, I verified your issue regarding the CSP functionality when scanning with the PageSpeed tool.

In creating your CSP rules, I recommend some useful resources that I have personally tested and used:
- Check CSP test website csper.io/evaluator
- Check CSP Evaluator csp-evaluator.withgoogle.com
- CSP Content Security Policy Generator addons.mozilla.org
These resources will help you evaluate and generate effective CSP policies for your Web sites.

I am available for more information and thank you for the open topic.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘CSP field settings’ is closed to new replies.

2 replies
2 participants
Last reply from: Andrea Ferro
Last activity: 2 years, 7 months ago
Status: resolved