Cookies and Content Security Policy


Block cookies and unwanted external content by setting Content Security Policy. A modal will be shown on the front end to let the visitor choose what kind of resources to accept. It also adds a layer of security for your site since iframes, scripts and images from unknown domains are blocked.


  • First modal

  • Second modal

  • Banner, replaces first modal


Search for Cookies and Content Security Policy under Plugins on your WordPress install or download and:

  1. Upload cookies-and-content-security-policy to the /wp-content/plugins/ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. Go to Settings > Cookies and Content Security Policy


Does this make my site GDPR compliant?

Yes, if you set it up right.

How do I know what resources are used on my site?

After install, open a console and see what is blocked by Content Security Policy. Then just go to the settings and white list all domains you want to accept.

The settings does not seem to have an effect. What do I do?

In some cases (like WP Engine) cookies are cached. Just contact them and ask them to uncache the cookies_and_content_security_policy cookie.

Can you show me some examples of sites using this plugin?
Is the plugin responsive?


Is the plugin translatable?

Yes, all texts are translatable. There is a .pot file. It’s available in English and Swedish for the admin, but you can add your own translations. And all texts on the front end can be changed in the admin. If you are using WPML or PolyLang, there is also support for multilanguage translations.

Can I change the look of it?

Yes, there are settings for using a modal or a banner. Also you can choose if the site should be locked behind the modal or if the site should be usable without setting your preferences. You can also change the colors of everything. And if you want you can disable the css entirely and use your own.

Does it include a cookie policy page?

No, but you can make your own, and in the settings you can select it and the modal won’t show there so that the user can read it without accepting first.

What if the user wants to change their settings?

You can add a link anywhere on your site that links to #cookiesAndContentPolicySettings and clicking that will open the settings.

Are the css and js files minified?

Yes, but you also get them unminified and the css also comes as SASS so you can change anything.


March 10, 2020
Not only does it actually comply with the GDPR (a lot of other plugins have already saved cookies when the popup shows ;)), it is very easy to use and easy to understand.
Read all 3 reviews

Contributors & Developers

“Cookies and Content Security Policy” is open source software. The following people have contributed to this plugin.


“Cookies and Content Security Policy” has been translated into 1 locale. Thank you to the translators for their contributions.

Translate “Cookies and Content Security Policy” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.



  • Css for accepted type


  • Check for blank iframes


  • Uninstall for new values


  • Encode js mail link subject


  • Support for X-Content-Security-Policy
  • Better debug placement
  • Advanced settings
  • Visible warning for blocked iframes
  • Saving bug in mobile Safari fixed
  • More help texts
  • No texts must be edited, everything has default values


  • Versioning, SVN is not my friend


  • Added possibility to use the settings as a meta tag instead, if the host does not accept setting php header()


  • Translations


  • Coding standards


  • WP_DEBUG, clean


  • Added support for forms


  • Screenshot text, and active settings value


  • Assets


  • Assets and Contributors


  • Ready for the world!


  • List width


  • Minor fixes


  • Securing


  • Sanitize


  • Nonce


  • Uninstall


  • WPML config for Cookie policy page id


  • Admin referrer


  • Initial release