No unsafe-inline
No unsafe-inline helps you to build a Content Security Policy avoiding to use 'unsafe-inline' and 'unsafe-hashes'.
5(5 reviews)
·200 active installs·Updated 4 months agoAs of April 2026, No unsafe-inline is a WordPress csp plugin with 200 active installations and a 5/5 rating from 5 reviews. It has been downloaded 11K+ times in total. Requires WordPress 5.9+ and PHP 7.4+. Available on WordPress.org since 2022. Support resolution rate: 0%. Top alternative: Headers Security Advanced & HSTS WP.
5/55 reviews
200active installs
0%resolved
4 yearssince 2022
Overview
Content Security Policy (CSP) is a computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context.
Cross-site scripting (XSS) is a type of security vulnerability that can be found in some web applications.
XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users.
A cross-site scripting vulnerability may be used by attackers to bypass access controls like the same-origin policy.
Looking at National Vulnerability Database run by US NIST, more than 1100 (November 2025) vulnerabilities are reported as XSS for WordPress’ plugins and themes.
Keeping your site up-to-date with the latest versions of plugins and theme…
Screenshots
Ratings & Reviews
55 reviews
5 ★
5
4 ★
0
3 ★
0
2 ★
0
1 ★
0
Compatibility
| WordPress | 5.9+ requiredTested up to 6.9.4 |
| PHP | 7.4+ required |
Top Alternatives to No unsafe-inline
Frequently Asked Questions
Changelog
1.3.0
- Add management of trusted-types’ API directives
- Bug fix for PHP 8.4
- Avoid using replace on TrustedHTML
- Improve js to fix-style and prefilter override
Contributors
Plugin data sourced from WordPress.org. Analysis and metrics by PluginSift.