Title: Content Security Policy
Last modified: August 22, 2016

---

# Content Security Policy

 *  Resolved [Slams](https://wordpress.org/support/users/slams/)
 * (@slams)
 * [11 years, 3 months ago](https://wordpress.org/support/topic/content-security-policy-1/)
 * Hi there!
    Can I add CSP header using your plugin?
 * [https://wordpress.org/plugins/add-headers/](https://wordpress.org/plugins/add-headers/)

Viewing 6 replies - 1 through 6 (of 6 total)

 *  Plugin Author [George Notaras](https://wordpress.org/support/users/gnotaras/)
 * (@gnotaras)
 * [11 years, 3 months ago](https://wordpress.org/support/topic/content-security-policy-1/#post-5685581)
 * Hello! Yes this is possible. The headers generated by the plugin can be filtered
   just before they are sent by attaching a filtering function to the `addh_headers`
   filter. Sample code:
 *     ```
       function addh_add_custom_headers( $headers ) {
           $headers[] = 'X-Custom-Header-1: foo-bar';
           $headers[] = 'X-Custom-Header-2: ...';
           return $headers;
       }
       add_filter( 'addh_headers', 'addh_add_custom_headers', 10, 1 );
       ```
   
 * This code can be added in the `functions.php` file of the theme or in a plugin
   with customizations.
 * Hope it helps.
 * George
 *  Thread Starter [Slams](https://wordpress.org/support/users/slams/)
 * (@slams)
 * [11 years, 3 months ago](https://wordpress.org/support/topic/content-security-policy-1/#post-5685594)
 * Good news!
 * I’m trying to exclude CSP header on iOS Safari and can’t do this with .htaccess
   correctly. Will try using your plugin. Thank you!
 *  Plugin Author [George Notaras](https://wordpress.org/support/users/gnotaras/)
 * (@gnotaras)
 * [11 years, 3 months ago](https://wordpress.org/support/topic/content-security-policy-1/#post-5685597)
 * Not sure if exclusion is possible. It depends on which piece of software generates
   the CSP header. Possibly this has to be done at the web server level.
 * George
 *  Thread Starter [Slams](https://wordpress.org/support/users/slams/)
 * (@slams)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/content-security-policy-1/#post-5685900)
 * Good day,
 * How this filter work after new release?
 * I’ve got only:
 *     ```
       1               Vary: User-Agent
       ^               ^
       header name     attribute
       ```
   
 *     ```
       function addh_add_custom_headers( $headers ) {
          //variabels removed, just for example
          $headers[] = "Content-Security-Policy: $default_src $script_src $object_src $style_src $img_src $media_src $frame_src $font_src $connect_src $report";
           $headers[] = "Vary: User-Agent";
           return $headers;
       }
       add_filter( 'addh_headers', 'addh_add_custom_headers', 10, 1 );
       ```
   
 * Thank you in advance!
 *  Thread Starter [Slams](https://wordpress.org/support/users/slams/)
 * (@slams)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/content-security-policy-1/#post-5685901)
 * Okay, I’ve found by myself what I need to do.
 *     ```
       function addh_add_custom_headers( $headers ) {
          //variabels removed, just for example
          $headers['Content-Security-Policy'] = "$default_src $script_src $object_src $style_src $img_src $media_src $frame_src $font_src $connect_src $report";
           $headers['Vary'] = "User-Agent";
           return $headers;
       }
       add_filter( 'addh_headers', 'addh_add_custom_headers', 10, 1 );
       ```
   
 * Pleas, update you FAQ “Add custom headers”
 * Have a nice day!
 *  Plugin Author [George Notaras](https://wordpress.org/support/users/gnotaras/)
 * (@gnotaras)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/content-security-policy-1/#post-5685902)
 * Hi [@slams](https://wordpress.org/support/users/slams/),
 * Fixed the docs. I’m sorry about that.
 * Glad you have sorted it out. This is the way to add headers in 2.X.
 * Kind Regards,
    George

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘Content Security Policy’ is closed to new replies.

 * ![](https://s.w.org/plugins/geopattern-icon/add-headers.svg)
 * [Add Headers](https://wordpress.org/plugins/add-headers/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/add-headers/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/add-headers/)
 * [Active Topics](https://wordpress.org/support/plugin/add-headers/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/add-headers/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/add-headers/reviews/)

 * 6 replies
 * 2 participants
 * Last reply from: [George Notaras](https://wordpress.org/support/users/gnotaras/)
 * Last activity: [10 years, 7 months ago](https://wordpress.org/support/topic/content-security-policy-1/#post-5685902)
 * Status: resolved