Content Security Policy Manager
Plugin for configuring Content Security Policy headers for your site. Allows different CSP headers for admin, logged inn frontend and regular visitors
4.3(6 reviews)
·2.0K+ active installs·Updated 3 years agoAs of April 2026, Content Security Policy Manager is a WordPress csp plugin with 2.0K+ active installations and a 4.3/5 rating from 6 reviews. It has been downloaded 33K+ times in total. Requires WordPress 4.6+ and PHP 7.2+. Available on WordPress.org since 2020. Last updated 3 years ago — may have compatibility concerns. Downloads are down 17% this week. Top alternative: Headers Security Advanced & HSTS WP.
4.3/56 reviews
2.0K+active installs
33K+total downloads
6 yearssince 2020
Overview
Content Security Policy Manager is a WordPress plugin that allows you to easily configure Content Security Policy headers for your site. You can have different CSP headers for the admin interface, the frontend for logged in users, and the frontend for regular visitors. The CSP directives can be individually enabled, and each policy can be set to enforce, report or be disabled.
Please note that this plugin offers limited help in figuring out what the contents of the policy should be. It only lets you configure the CSP in a easy to use interface.
Ratings & Reviews
4.36 reviews
5 ★
5
4 ★
0
3 ★
0
2 ★
0
1 ★
1
Recent Reviews
Report To not working
by ningmorris·2 years ago
Hello,
Since report-uri is no longer recommended anymore, I need to use report-to to send CSP reports. But for reason, it doesn’t send reports with report-to. My CSP settings are as follows:
In Policy: report-to filed, I filled in csp-endpoint , in Frontend Policy Report-To Header field, I filled in the following JSON data
{
"group": "csp-endpoint",
"max_age": 10886400,
"endpoints": [
{
"url": "{CSP REPORT ENDPOINT}"
}
]
}After saving changes in the CMS, all the commas disappeared in Frontend Policy Report-To Header field.
{ "group": "csp-endpoint" "max_age": 10886400 "endpoints": [ { "url": "{CSP REPORT ENDPOINT}" } ] }I am wondering if you can help to take a look at it, thanks! Note: I have no problem with report-uri.
- This topic was modified 2 years, 8 months ago by ningmorris.
kills all CSS styles
by rintelengrafik·3 years ago
As soon as I leave the backend the view of my side is without any CSS. Only the plain HTML.
Very helpful and useful plugin. do you provide filters ?
by buzibuzi·3 years ago
We are really happy with this plugin.
im wondering if you provide a filter so i can merge some dynamic ‘nonce-xx’ to the policy header. this could be very very useful.
I like all the options for logged-in versus anonymous and report-only
by Jason Robinson·3 years ago
This plugin is well thought out and does what I need it to. It has also helped me troubleshoot other website’s CSP that wasn’t working correctly, and the documentation is solid if brief.
Extraordinaire !
by jeebeezebee·4 years ago
Ce plugin m;a fait gagner des heures de travail.
Download Trends
Today: 10Yesterday: 5This week: 76Period total: 4K
Compatibility
| WordPress | 4.6+ requiredTested up to 6.1.10 |
| PHP | 7.2+ required |
Version Adoption
v1.2
98.8%
v1.1
1.1%
Top Alternatives to Content Security Policy Manager
Frequently Asked Questions
Changelog
This plugin’s development happens in its GitHub repo. Feel free to send bug reports there.
1.2.1
- Fix error caused by improperly checking the chosen CSP mode when outputting headers (thanks @reatlat).
1.2.0
- Improved UI, with CSP directives divided into collapsible categories.
- Add all remaining non-deprecated CSP directives.
- Warn if enabli…
Contributors
Plugin data sourced from WordPress.org. Analysis and metrics by PluginSift.