Date: 2021-02-10

Hello,

I have a WordPress website and checked it with the https://securityheaders.com/ website, and it shows me an error about the “Content Security Policy (CSP)” header. I changed my Apache configuration and added the line below to it:

Header set Content-Security-Policy "default-src 'self';"

But after that, my website's style is messed up and some parts of it, like links, don't work. The Chromium console tells me:

Content Security Policy blocks inline execution of scripts and stylesheets

The Content Security Policy (CSP) prevents cross-site scripting attacks by blocking inline execution of scripts and style sheets.

To solve this, move all inline scripts (e.g. onclick=[JS code]) and styles into external files.

Allowing inline execution comes at the risk of script injection via injection of HTML script elements. If you absolutely must, you can allow inline script and styles by:

adding unsafe-inline as a source to the CSP header

adding the hash or nonce of the inline script to your CSP header.

109 directives

How can I solve it?

Thank you.
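
The console message quoted above names hashes as an alternative to unsafe-inline. The following Python is an added example, not part of the original post: it computes the hash sources for the inline script and style elements of a page, builds the matching Apache header line, and lists inline attributes such as onclick that the console says to move into external files. The names csp_hash, InlineCollector, build_policy and the SAMPLE page are hypothetical and constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser

def csp_hash(content):
    # A CSP hash source covers the exact text between the tags, whitespace included.
    digest = hashlib.sha256(content.encode("utf-8")).digest()
    return "'sha256-" + base64.b64encode(digest).decode("ascii") + "'"

class InlineCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.blocks = {"script": [], "style": []}  # inline element bodies
        self.attributes = []  # (tag, attribute) pairs to move to external files
        self._open, self._buf = None, []

    def handle_starttag(self, tag, attrs):
        names = [name for name, _ in attrs]
        # Heuristic: on* event handlers and style="" are inline attributes.
        self.attributes += [(tag, n) for n in names if n.startswith("on") or n == "style"]
        if tag == "style" or (tag == "script" and "src" not in names):
            self._open, self._buf = tag, []

    def handle_data(self, data):
        if self._open:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == self._open:
            self.blocks[tag].append("".join(self._buf))
            self._open = None

def build_policy(html):
    """Return (policy string, inline attributes) for one HTML document."""
    parser = InlineCollector()
    parser.feed(html)
    parts = ["default-src 'self'"]
    for tag, directive in (("script", "script-src"), ("style", "style-src")):
        hashes = sorted({csp_hash(body) for body in parser.blocks[tag]})
        if hashes:
            parts.append(" ".join([directive, "'self'"] + hashes))
    return "; ".join(parts) + ";", parser.attributes

# Constructed sample page, not the poster's site.
SAMPLE = """<html><head><style>body{margin:0}</style>
<script src="/js/site.js"></script><script>var menuOpen = false;</script></head>
<body><a href="#" onclick="toggleMenu()">Menu</a></body></html>"""

if __name__ == "__main__":
    policy, attributes = build_policy(SAMPLE)
    print('Header set Content-Security-Policy "%s"' % policy)
    print("inline attributes to move to external files:", attributes)
```

A hash only matches while the inline content stays byte-for-byte identical, so inline scripts that change between requests need the nonce option from the console message instead.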