Alex Sung
Forum Replies Created
Dear Supports,
The problems have been identified and addressed through our email discussions.
A big shoutout to Usman for his proactive follow-up emails with me.
Cheers to the whole team.
Best Regards,
Alex Sung

Hi Nathan,
I apologize for the late response. The issue with question 1 has been fixed by resetting the .htaccess file to the default WordPress settings.
However, the problem with question 2 still persists due to a conflict with another plugin (Translate WordPress with GTranslate), which is causing it to be unable to load where the Simply Schedule Appointments Booking Plugin shortcode has been implemented, on the homepage (https://swha.online) only.
Would you be able to help to resolve the plugin conflict?

As for the Content Security Policy, it’s only implemented by default Cloudflare CDN, where the x-frame-options are set to SAMEORIGIN just as you recommended.
CSP scan result : https://showdns.net/csp-checker/swha.online
Best Regards,
Alex Sung

Lately my site has been hit by waves of different types of cyberattack vectors. As a result, I’ve ramped up the security on the CDN, WordPress, and web hosting.
For the most part, I’ll stick to your recommendations. I really appreciate your time and effort.
Additionally, I have another feature request on the massive blacklist import (both manually and automatically), which I’m not sure you’d be interested in. If so, I may just start another thread.
Best Regards,
Alex Sung

Thank you so much for your detailed clarification.
Scenario 1
In that case, it would be best to remove the predetermined CSP sections (highlighted in the image below) and instead label them as a custom header.
In this way, users can decide how they want to fill it out based on their specific needs.
It might also be helpful if you can help to create a guide on how users can manage their CSP.
Scenario 2
We shall also consider avoiding generating lengthy fields, mainly because users can do their own testing. If we make it too long, it could be hard to troubleshoot in cases where it may just crash the whole site.
Plus, it’s easier for them to preview and make quick adjustments without having to read through a complicated and lengthy field.
Even if users have a lot of custom header sections, you might want to think about rewriting your code to combine all those sections into one single header.
Best Regards,
Alex Sung

Hi Support,
Thanks for sharing.
In fact, based on CSP Level 2 & 3, there’s a lot more customization I can add and tailor to fit the attack vectors or to secure the web application.
You can have a look at the reference links I shared below.
I believe you can add ten times more custom header sections without it causing too many issues.
Right now, I’m dealing with a limitation in the custom header sections for setting up the CSP policy.
I can’t wait for you to take my suggestion on board and enhance that additional feature.
Reference Links
https://content-security-policy.com/
https://www.geeksforgeeks.org/javascript/content-security-policy-csp/
https://developer.chrome.com/docs/privacy-security/csp
https://www.w3.org/TR/CSP3/
Best Regards,
Alex Sung