How to determine CSP for Wordpress

apache2 wordpress content-security-policy

Use the header Content-Security-Policy-Report-Only first (Content-Security-Policy-Report-Only). This will allow you to test the policy and tune it. It works the same as the "regular" CSP header, except policy violations are not blocked, just reported.

You can use the free service https://report-uri.io/ to receive the reports.

Related

Any way to enable Amazon S3 Versioning for existing objects?
Postfix SSL-Intermediate-CA
Website is not following Cloudflare's Pagerules
Unmounting the root filesystem (/) for resizing without a rescue cd?
AWS CloudFormation: Internal Failure. Rollback requested by user
IMAP to Exchange 2013 migration: powershell cmdlets don't recognize -IMAP
Ubuntu /boot full
VLSM Segmentation
What exactly happens in the "graphic setup" of postfix?
Active Directory LDAP bind via X.509 client certificate authentication
Cannot create KDS Root Key - "Request is not supported"
How to post logs to Cloudwatch with CLI?