Title: Polylang without inline scripts
Last modified: October 23, 2020

---

# Polylang without inline scripts

 *  [adfisch](https://wordpress.org/support/users/adfisch/)
 * (@adfisch)
 * [5 years, 8 months ago](https://wordpress.org/support/topic/polylang-without-inline-scripts/)
 * Dear Polylang-team,
 * I’m a very happy user of your plug-in. However, there is one thing that could
   be improved for security reasons: Polylang uses an inline script to set the pll_language
   cookie accordingly. Recently, I have introduced Content Security Policies (CSP)
   at my customers’ websites in order to guard them against XSS attacks. However,
   their effect is limited when inline scripts cannot be disabled. Do you think 
   it would be possible to replace this inline script with a different solution?
 * More information on CSP and inline scripts can be found here:
    [https://developers.google.com/web/fundamentals/security/csp](https://developers.google.com/web/fundamentals/security/csp)
 * Thanks for your feedback.

The topic ‘Polylang without inline scripts’ is closed to new replies.

 * ![](https://ps.w.org/polylang/assets/icon-256x256.png?rev=3433336)
 * [Polylang](https://wordpress.org/plugins/polylang/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/polylang/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/polylang/)
 * [Active Topics](https://wordpress.org/support/plugin/polylang/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/polylang/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/polylang/reviews/)

 * 0 replies
 * 1 participant
 * Last reply from: [adfisch](https://wordpress.org/support/users/adfisch/)
 * Last activity: [5 years, 8 months ago](https://wordpress.org/support/topic/polylang-without-inline-scripts/)
 * Status: not a support question