Title: HTTP Header Security
Last modified: October 17, 2017

---

# HTTP Header Security

 *  [Jerrad](https://wordpress.org/support/users/jjgleim/)
 * (@jjgleim)
 * [8 years, 6 months ago](https://wordpress.org/support/topic/http-header-security/)
 * I have been working on hardening the security on my website and one of the places
   I have been focusing is HTTP Headers. I am getting an error on my **HTTP Header
   Content Security Policy** where your plugin/widget requires ‘unsafe-eval’ to 
   allow your widget to work for script-src. Allowing ‘unsafe-eval’ can allow notorious
   XSS attack vectors to happen on websites. Hackers all the time look at security
   on websites and if they see ‘unsafe-eval’ being allowed in the header, this could
   cause all sorts of problems.
 * Is there a way to include the script files in the plugin rather than deploying
   them in this manner?
 * Thanks,
 * Jerrad

The topic ‘HTTP Header Security’ is closed to new replies.

 * ![](https://ps.w.org/userway-accessibility-widget/assets/icon.svg?rev=2526447)
 * [Accessibility by UserWay](https://wordpress.org/plugins/userway-accessibility-widget/)
 * [Support Threads](https://wordpress.org/support/plugin/userway-accessibility-widget/)
 * [Active Topics](https://wordpress.org/support/plugin/userway-accessibility-widget/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/userway-accessibility-widget/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/userway-accessibility-widget/reviews/)

## Tags

 * [UserWay](https://wordpress.org/support/topic-tag/userway/)

 * 0 replies
 * 1 participant
 * Last reply from: [Jerrad](https://wordpress.org/support/users/jjgleim/)
 * Last activity: [8 years, 6 months ago](https://wordpress.org/support/topic/http-header-security/)
 * Status: not resolved