Title: Content Security Policy – Two-Factor
Last modified: July 30, 2021

---

# Content Security Policy – Two-Factor

 *  [bulls_shark](https://wordpress.org/support/users/bulls_shark/)
 * (@bulls_shark)
 * [4 years, 9 months ago](https://wordpress.org/support/topic/content-security-policy-two-factor/)
 * Hello, with these settings the login page forwards to a 502 Bad Gateway.
 * Error messages:
 * ModSecurity: collection_store: Failed to access DBM file "/var/cache/modsecurity/apache-default_SESSION":
   No such file or directory [hostname "domain"] [uri "/wp-admin/options-general.php"]
   [unique_id "YQPoo3yFWClisVU3eAV6DQAAAAA"]
 * ModSecurity: collection_store: Failed to access DBM file "/var/cache/modsecurity/apache-ip":
   No such file or directory [hostname "Domain"] [uri "/wp-login.php"]
   [unique_id "YQPoqOnqiB6myKC8sPU2AwAAAAw"], referer: [https://domain.com/wp-login.php?itsec-hb-token=no2sec3saf1me](https://domain.com/wp-login.php?itsec-hb-token=no2sec3saf1me)
 * Please, thank you for your support.
 * **Content-Security-Policy**
 * `Header set Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://seal.godaddy.com/* netdna.bootstrapcdn.com addevent.com seal.godaddy.com s.seekda.com switch.seekda.com ibe.seekda.com static.seekda.com cloud.seekda.com https://maps.googleapis.com https://*.googleapis.com *.google-analytics.com *.google.com https://ajax.googleapis.com; style-src 'self' 'unsafe-inline' https://seal.godaddy.com/* https://netdna.bootstrapcdn.com static.seekda.com cloud.seekda.com *.cloudfront.net *.urlaubambauernhof.at https://fonts.googleapis.com; img-src 'self' https://qr-code.ithemes.com/ res.cloudinary.com static.seekda.com images.seekda.net https://images-eu.ssl-images-amazon.com/ https://ws-eu.amazon-adsystem.com/ https://secure.gravatar.com https://s.w.org https://wordpress.org https://ps.w.org data:; connect-src 'self' *.seekda.com; font-src 'self' netdna.bootstrapcdn.com static.seekda.com https://fonts.gstatic.com data:; media-src 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'self'; frame-src 'self' *.seekda.com https://ws-eu.amazon-adsystem.com/ https://www.google.com; base-uri 'none'"`
 * It would be great if you can integrate the “https headers” directly into your
   plugin.
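
As an added example (not part of the original post and not the plugin's code), this JavaScript parses a Content-Security-Policy header value and flags source expressions of the kind that appear in the posted policy. `POLICY` is a shortened, constructed excerpt, and `parseCsp` and `lintCsp` are hypothetical helper names.

```javascript
// Added example, not from the forum post. POLICY is a constructed, shortened
// excerpt that keeps the constructs used in the posted header.
const POLICY = [
  "default-src 'none'",
  "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://seal.godaddy.com/* *.google.com",
  "style-src 'self' 'unsafe-inline' https://seal.godaddy.com/*",
  "object-src 'self'",
  "base-uri 'none'",
].join("; ");

// Parse a header value into Map(directive -> [source expressions]).
// Browsers ignore a directive that repeats, so the first occurrence wins.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    if (name && !directives.has(name.toLowerCase())) directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

// Return findings as { directive, source, issue } objects.
function lintCsp(policy) {
  const findings = [];
  const add = (directive, source, issue) => findings.push({ directive, source, issue });
  for (const [directive, sources] of parseCsp(policy)) {
    for (const source of sources) {
      const keyword = source.toLowerCase();
      if (directive === "script-src" && keyword === "'unsafe-inline'") {
        add(directive, source, "inline script allowed; use nonces or hashes");
      }
      if (directive === "script-src" && keyword === "'unsafe-eval'") {
        add(directive, source, "eval() and similar string-to-code sinks allowed");
      }
      // '*' is a wildcard only as the whole source, the leftmost host label
      // or the port. Inside a path it is matched as a literal character.
      const path = source.replace(/^[a-z][a-z0-9+.-]*:\/\//i, "").replace(/^[^/]*/, "");
      if (path.includes("*")) {
        add(directive, source, "'*' in a path is literal, not a wildcard");
      }
      if (directive === "object-src" && keyword !== "'none'") {
        add(directive, source, "plugin content allowed; 'none' is the usual setting");
      }
    }
  }
  return findings;
}

for (const f of lintCsp(POLICY)) console.log(`${f.directive}: ${f.source} -> ${f.issue}`);
```

The check for `'unsafe-inline'` is a simplification: it does not account for a nonce or hash in the same directive, which makes browsers ignore that keyword.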

The topic ‘Content Security Policy – Two-Factor’ is closed to new replies.

 * [Solid Security – Password, Two Factor Authentication, and Brute Force Protection](https://wordpress.org/plugins/better-wp-security/)

 * 0 replies
 * 1 participant
 * Last reply from: [bulls_shark](https://wordpress.org/support/users/bulls_shark/)
 * Last activity: [4 years, 9 months ago](https://wordpress.org/support/topic/content-security-policy-two-factor/)
 * Status: not resolved