in mitigating the risk of cross-site scripting and other content-injection attacks I set up a Content Security Policy which whitelists trusted sources of content for my site.
In crafting a reasonable policy for my site i have set out to creating a whitelist of scripts, I needed to know the different sources of scripts loaded by wordpress as it is impossible to come up with a reasonable policy without this details.
I was wondering if anyone has dealt with this issue on their site.
I would appreciate feedback.
Regards to all.