Title: CSP Friendly Security
Author: Pascal CESCATO
Published: <strong>April 21, 2022</strong>
Last modified: January 1, 2026

---

Search plugins

![](https://ps.w.org/csp-antsst/assets/banner-772x250.png?rev=2712423)

![](https://ps.w.org/csp-antsst/assets/icon-128x128.png?rev=2712423)

# CSP Friendly Security

 By [Pascal CESCATO](https://profiles.wordpress.org/pcescato/)

[Download](https://downloads.wordpress.org/plugin/csp-antsst.1.5.2.zip)

 * [Details](https://wordpress.org/plugins/csp-antsst/#description)
 * [Reviews](https://wordpress.org/plugins/csp-antsst/#reviews)
 *  [Installation](https://wordpress.org/plugins/csp-antsst/#installation)
 * [Development](https://wordpress.org/plugins/csp-antsst/#developers)

 [Support](https://wordpress.org/support/plugin/csp-antsst/)

## Description

Adds a CSP header compatible with most WP plugins without breaking styles.

## Installation

 * Extract the zip file and drop the contents in wp-content/plugins/ or install 
   via dashboard.
 * Activate the plugin. No settings required.

## FAQ

### Is there something to do after install?

Just activate it!

## Reviews

![](https://secure.gravatar.com/avatar/f50bbf43bd170e32ee9e71eabb62a981cd6af5c947783b2af93c21554bacbea6?
s=60&d=retro&r=g)

### 󠀁[Great plugin](https://wordpress.org/support/topic/great-plugin-37270/)󠁿

 [amanandhishoe](https://profiles.wordpress.org/amanandhishoe/) July 24, 2023

I downloaded this plugin and modified it for my site. I would recommend doing that.
The plugin hooks into the ‘template_redirect’ hook. At that point the source for
the page has been generated by themes and plugins and is ready to be sent. The plugin
looks through the generated source and makes nonces for all inline scripts and styles.
It modifies the source so the inline scripts and styles have a nonce=’some-nonce’
statement in them. It creates a Content-Security-Policy which includes those nonces.
However, each site has its own CSP needs, and so modifying the plugin to tailor 
the CSP to your site is not that difficult to do. That is what I have done.

![](https://secure.gravatar.com/avatar/9b95bfa4d1616d47a8ecea5e0edbd6be48a8db11943e7b3cea85f3849dfff88d?
s=60&d=retro&r=g)

### 󠀁[total cache compatibility issues](https://wordpress.org/support/topic/total-cache-compatibility-issues/)󠁿

 [hayobethlehem](https://profiles.wordpress.org/hayobethlehem/) September 15, 2022

doesn’t seem to work properly with w3tc. hope it will get updated at some point.

![](https://secure.gravatar.com/avatar/a377c1c28361c49b0ca776512739f3c7dc746687b66385fc0144493475609335?
s=60&d=retro&r=g)

### 󠀁[Could be better](https://wordpress.org/support/topic/could-be-better-53/)󠁿

 [esadc](https://profiles.wordpress.org/esadc/) September 8, 2022

The plugin works as advertised however, it does not let you modify the CSP header
resulting in a less than ideal CSP header. The header this plugin serves provides
no protection against clickjacking and allows all external scripts.

![](https://secure.gravatar.com/avatar/5146f0764e00f8116c4d6c0e8af7d77da8aeba106cf2211a380a787fc18855eb?
s=60&d=retro&r=g)

### 󠀁[Satisfied!](https://wordpress.org/support/topic/satisfied-104/)󠁿

 [OkorieWare](https://profiles.wordpress.org/okorieware/) July 14, 2022

This is the most ‘straight to the point’ CSP tool that I’ve found. So far, so go.

 [ Read all 4 reviews ](https://wordpress.org/support/plugin/csp-antsst/reviews/)

## Contributors & Developers

“CSP Friendly Security” is open source software. The following people have contributed
to this plugin.

Contributors

 *   [ Pascal CESCATO ](https://profiles.wordpress.org/pcescato/)

[Translate “CSP Friendly Security” into your language.](https://translate.wordpress.org/projects/wp-plugins/csp-antsst)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/csp-antsst/), check
out the [SVN repository](https://plugins.svn.wordpress.org/csp-antsst/), or subscribe
to the [development log](https://plugins.trac.wordpress.org/log/csp-antsst/) by 
[RSS](https://plugins.trac.wordpress.org/log/csp-antsst/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.5.1

 * Fixed plugin header for WP validation
 * Added short description

## Meta

 *  Version **1.5.2**
 *  Last updated **3 months ago**
 *  Active installations **200+**
 *  WordPress version ** 5.9 or higher **
 *  Tested up to **6.9.4**
 *  PHP version ** 7.3 or higher **
 * Tags
 * [content security policy](https://wordpress.org/plugins/tags/content-security-policy/)
   [csp](https://wordpress.org/plugins/tags/csp/)[Security Headers](https://wordpress.org/plugins/tags/security-headers/)
 *  [Advanced View](https://wordpress.org/plugins/csp-antsst/advanced/)

## Ratings

 3.5 out of 5 stars.

 *  [  2 5-star reviews     ](https://wordpress.org/support/plugin/csp-antsst/reviews/?filter=5)
 *  [  0 4-star reviews     ](https://wordpress.org/support/plugin/csp-antsst/reviews/?filter=4)
 *  [  1 3-star review     ](https://wordpress.org/support/plugin/csp-antsst/reviews/?filter=3)
 *  [  0 2-star reviews     ](https://wordpress.org/support/plugin/csp-antsst/reviews/?filter=2)
 *  [  1 1-star review     ](https://wordpress.org/support/plugin/csp-antsst/reviews/?filter=1)

[Your review](https://wordpress.org/support/plugin/csp-antsst/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/csp-antsst/reviews/)

## Contributors

 *   [ Pascal CESCATO ](https://profiles.wordpress.org/pcescato/)

## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/csp-antsst/)