Title: default-src ‘self’; img-src *; media-src * data:; Last modified: October 10, 2024 --- # default-src ‘self’; img-src *; media-src * data:; * Resolved [fuzzy21](https://wordpress.org/support/users/fuzzy21/) * (@fuzzy21) * [1 year, 6 months ago](https://wordpress.org/support/topic/default-src-self-img-src-media-src-data/) * We are report only now, but it looks like the plugin is adding this x-content- security-policy: default-src ‘self’; img-src *; media-src * data:; to the header. Yet, we do have some img-src specified. Do the * get removed when we go to enforcing? * Aren’t the X- older style anyhow? Viewing 4 replies - 1 through 4 (of 4 total) * Plugin Author [Giuseppe](https://wordpress.org/support/users/mociofiletto/) * (@mociofiletto) * [1 year, 6 months ago](https://wordpress.org/support/topic/default-src-self-img-src-media-src-data/#post-18068470) * Please, post a link to the page with this issue and let me know what do you have in your Base Rules’ tab. * This plugin has a function to reduce img-src to * if the CSP policy header generated is too long (see: [https://github.com/MocioF/No-unsafe-inline/blob/2aa46f952220aba9648dac86bf092d7a86a8bcd4/public/class-no-unsafe-inline-public.php#L400](https://github.com/MocioF/No-unsafe-inline/blob/2aa46f952220aba9648dac86bf092d7a86a8bcd4/public/class-no-unsafe-inline-public.php#L400)), but I think you are deploying a CSP with another mechanism or plugin. * Thread Starter [fuzzy21](https://wordpress.org/support/users/fuzzy21/) * (@fuzzy21) * [1 year, 6 months ago](https://wordpress.org/support/topic/default-src-self-img-src-media-src-data/#post-18071812) * This site is internal, so cannot show it. * > [View post on imgur.com](https://imgur.com/cRrqGTu) * > [View post on imgur.com](https://imgur.com/FsfQurO) - This reply was modified 1 year, 6 months ago by [fuzzy21](https://wordpress.org/support/users/fuzzy21/). * Plugin Author [Giuseppe](https://wordpress.org/support/users/mociofiletto/) * (@mociofiletto) * [1 year, 6 months ago](https://wordpress.org/support/topic/default-src-self-img-src-media-src-data/#post-18072897) * Sorry [@fuzzy21](https://wordpress.org/support/users/fuzzy21/), but this plugin does never deploy the x-content-security-policy HTTP header, but only the Content- Security-Policy or the Content-Security-Policy-Report-Only headers. * Thread Starter [fuzzy21](https://wordpress.org/support/users/fuzzy21/) * (@fuzzy21) * [1 year, 6 months ago](https://wordpress.org/support/topic/default-src-self-img-src-media-src-data/#post-18074627) * I found another csp plugin that I was testing, sorry for the noise. Viewing 4 replies - 1 through 4 (of 4 total) The topic ‘default-src ‘self’; img-src *; media-src * data:;’ is closed to new replies. * ![](https://ps.w.org/no-unsafe-inline/assets/icon-256x256.png?rev=2699768) * [No unsafe-inline](https://wordpress.org/plugins/no-unsafe-inline/) * [Frequently Asked Questions](https://wordpress.org/plugins/no-unsafe-inline/#faq) * [Support Threads](https://wordpress.org/support/plugin/no-unsafe-inline/) * [Active Topics](https://wordpress.org/support/plugin/no-unsafe-inline/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/no-unsafe-inline/unresolved/) * [Reviews](https://wordpress.org/support/plugin/no-unsafe-inline/reviews/) * 4 replies * 2 participants * Last reply from: [fuzzy21](https://wordpress.org/support/users/fuzzy21/) * Last activity: [1 year, 6 months ago](https://wordpress.org/support/topic/default-src-self-img-src-media-src-data/#post-18074627) * Status: resolved