This plugin adds a strict Content Security Policy (CSP) to your site's frontend and login pages, helping to prevent cross-site scripting (XSS) attacks. It is designed for site administrators and developers who prioritize security and want to mitigate risks from malicious script injection.

Strict CSP enforcement: Applies a Content Security Policy that blocks inline scripts and scripts from unauthorized sources, requiring all scripts to be loaded via approved methods.

Nonce-based script validation: Automatically adds cryptographic nonces to scripts that are properly enqueued through the CMS's APIs, allowing legitimate scripts to execute while blocking others.

Login page protection: Extends the strict CSP to the login screen, securing authentication pages against script-based attacks.

Embed script handling: Ensures scripts from embedded content (like social media widgets) receive the necessary nonce attributes to function under the policy.

Compatibility focus: Works with themes and plugins that follow standard practices for adding scripts, encouraging secure coding patterns.