This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

Content Security Policy


Content Security Policy prevents content injection attacks by allowing admins to specify which sites they trust to serve JavaScript and other types of content in their site. Any content which is not explicitly allowed by the policy will be blocked from loading.

The Content Security Policy plugin provides WordPress administrators a mechanism to specify a custom policy, or adopt a recommended policy based on the types and sources of content present in their site.

Tested in Firefox 3.6 and Firefox 4, Chrome 10, and Safari 5.


  • CSP configuration page making a policy reccommendation.
  • New panel in media uploader allows direct creation of script files in the uploads directory.
  • CSP configuration page in Chrome.
  • CSP configuration page in Safari.


  1. Upload to the /wp-content/plugins/ directory and unzip
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. Configure a policy for your site in the ‘Settings > CSP menu

Contributors & Developers

“Content Security Policy” is open source software. The following people have contributed to this plugin.




  • Updated to be compatible with WordPress 3.0 and WordPress 3.1
  • Removed json.js (since WordPress ships w/ jQuery 1.4 now)
  • Added “restore default settings” button
  • Fixed a layout bug in the CSP Settings Page
  • Fixed JSON encoding bug in the list of posts to analyze


  • Fixed origin mismatch problem for https:// admin page users


  • Initial release