• Resolved jamminjames

    (@jamminjames)


    In your plugin description, a lot of things are listed as being included in the Content-Security-Policy, but I don’t see them in the header when I check in the browser DevTools. Your description says:

    “We have put a lot of effort into making the most important services operational with Content Security Policy (CSP), below are some examples that we have tested and used with Headers Security Advanced & HSTS WP:”

    … and then lists a lot of things. But it seems they need to be added manually, is that right?

    Your description also lists “Strict-dynamic” as a setting, but to use that for CSP, we’d need nonces to get the inline scripts to work, right? Is there any plan to have this plugin include a way to use nonces for inline scripts?

    Thanks.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Andrea Ferro

    (@unicorn03)

    Hi @jamminjames,

    Thanks for your topic. I am glad you use the plugin, and I confirm that I have solved the problem of receiving all notifications like these, so that I can respond as soon as possible.

    I confirm that the CSP list I describe below has been tested and used with the plugin. To avoid an implementation with overly long or unused CSP rules for your website, I recommend a tool that scans the back end and front end and gives you the CSP rules you actually use (you can use another tool if you prefer).

    CSP Content Security Policy Generator addons.mozilla.org

    1. Manually adding entries? Yes, currently, some CSP directives need to be manually configured. This ensures flexibility, allowing users to tailor security settings to their specific needs. That said, we’re always open to improving the process based on feedback.
    2. Strict-Dynamic & Nonces: You’re correct! To fully leverage strict-dynamic, nonces are required for inline scripts. If this is something you’d find useful, we’d love to hear more about your use case!
      • This function is my priority for version 5.0.44
    • CSP usage for Google Tag Manager
      world’s most popular tag manager
    • Using CSP for Gravatar
      Avatar service for WordPress and Social sites
    • Using CSP for WordPress Internal Media
      support WordPress media
    • Using CSP for Youtube Embedded Video SDK
      support Youtube embedded frames and JS SDK
    • CSP usage for CookieLaw
      privacy technology to meet regulatory requirements
    • CSP usage for Mailchimp
      support for Mailchimp automation, SDK and modules
    • CSP usage for Google Analytics
      support for basic conversion domains such as: stats.g.doubleclick.net and http://www.google.com
    • CSP usage for Google Fonts
      you’re not loading it on the page, chances are one of your SDKs is using it
    • Using CSP for Facebook
      support Facebook SDK functionality
    • Using CSP for Stripe
      highly secure online payment system
    • Using CSP for New Relic
      it’s a registration and monitoring utility
    • Using CSP for Linkedin Tags + SDKs
      support Linkedin Insight, Linkedin Ads and SDK
    • Using CSP for OneTrust
      OneTrust support helps companies manage privacy requirements
    • CSP usage for Moat
      Moat support to measurement suite such as: ad verification, brand safety, advertising and coverage
    • CSP usage for jQuery
      support of jQuery – JS library
    • CSP usage for Twitter Widgets & SDKs
      support Connect, Widgets and the Twitter client-side SDK
    • Using CSP for Google Maps
      support Google Maps as The ggpht used by streetview
    • Using CSP for Quantcast Choice
      Quantcast support for privacy such as GDPR and CCPA
    • CSP usage for Twitter Ads & Analytics
      Twitter support for advertising and Analytics
    • Using CSP for Paypal
      PayPal support for online payment system
    • Using CSP for Drift
      Drift and Driftt support
    • CSP usage for Cookiebot
      cookie and tracker support, GDPR/ePrivacy and CCPA compliance
    • CSP usage for Vimeo Embedded Videos SDK
      support frames, JS SDK, Froogaloop integration
    • Using CSP for AppNexus (now Xandr)
      AppNexus support for custom retargeting
    • Using CSP for Mixpanel
      support analytics tool with SDK/JS to collect client-side data
    • Using CSP for Font Awesome
      toolkit support for fonts and icons over CSS and Less
    • Using CSP for Google reCAPTCHA
      reCAPTCHA support for fraud and bot protection
    • CSP usage for Bootstrap CDN
      Bootstrap support for CSS frameworks
    • Using CSP for HubSpot
      Hubspot support with many features, used for monitoring and mkt functionality
    • Using CSP for Hotjar
      Hotjar tracker support for analytics and metrics
    • Using CSP for WP.com
      support for wp.com hosting
    • Using CSP for Akamai mPulse
      support for Akamai mPulse, for origin and perimeter integrations
    • CSP usage for Cloudflare – Rocket-Loader & Mirage
      support for Mirage libraries for performance acceleration
    • Using CSP for Cloudflare – CDN.js
      Cloudflare’s open CDN support with multiple libraries
    • Using CSP for jsDelivr
      support jsDelivr free CDN for Open Source
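    The reply above makes the key point about 'strict-dynamic': every inline script needs a per-response nonce that matches the header, and once 'strict-dynamic' is present the browser ignores host allowlists and 'unsafe-inline'. The following is an added illustration of that behaviour, not code from the plugin (which, per the reply, does not yet have a nonce feature) and not from the thread. It generates a nonce, builds a header, renders a nonced inline tag, and contains a small, approximate CSP evaluator (`script_allowed`, a hypothetical helper) that shows which scripts a strict-dynamic policy admits compared with a legacy allowlist policy.

```python
"""Nonce-based CSP with 'strict-dynamic': added example, not the plugin's code."""
import base64
import secrets
from typing import Optional
from urllib.parse import urlparse


def make_nonce() -> str:
    """Per-response nonce: 128 bits from a CSPRNG, base64-encoded as CSP expects.
    It must be regenerated for every response and never reused."""
    return base64.b64encode(secrets.token_bytes(16)).decode("ascii")


def build_csp(nonce: str) -> str:
    """Nonce + 'strict-dynamic' policy. 'unsafe-inline' and https: are only
    fallbacks for browsers without CSP3; a strict-dynamic-aware browser ignores them."""
    return (
        f"script-src 'nonce-{nonce}' 'strict-dynamic' 'unsafe-inline' https:; "
        "object-src 'none'; base-uri 'none'"
    )


def render_inline_script(nonce: str, body: str) -> str:
    """Inline <script> tag carrying the nonce attribute that matches the header."""
    return f'<script nonce="{nonce}">{body}</script>'


def parse_csp(header: str) -> dict:
    """Split a Content-Security-Policy value into {directive: [source expressions]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.strip().split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def _host_match(source: str, url: str) -> bool:
    """Approximation of CSP scheme-source / host-source matching (demo only)."""
    u = urlparse(url)
    if source.endswith(":") and "/" not in source:  # scheme-source such as https:
        return u.scheme == source[:-1]
    s = urlparse(source if "://" in source else f"{u.scheme}://{source}")
    if s.scheme != u.scheme:
        return False
    host = s.hostname or ""
    if host.startswith("*."):  # wildcard host, e.g. *.example.com
        return (u.hostname or "").endswith(host[1:])
    return u.hostname == host


def script_allowed(header: str, *, nonce: Optional[str] = None,
                   src: Optional[str] = None,
                   created_by_trusted_script: bool = False) -> bool:
    """Decide whether a script element would execute under the given policy.
    nonce: the element's nonce attribute; src: its URL (None means inline);
    created_by_trusted_script: created via createElement by an already trusted script."""
    policy = parse_csp(header)
    sources = policy.get("script-src", policy.get("default-src", []))
    if nonce is not None and f"'nonce-{nonce}'" in sources:
        return True  # explicit trust via matching nonce
    if "'strict-dynamic'" in sources:
        # host allowlists and 'unsafe-inline' are ignored; trust only propagates to
        # non-parser-inserted scripts created by an already trusted script
        return created_by_trusted_script
    if src is None:
        # CSP2+: 'unsafe-inline' is ignored when the policy contains a nonce or hash
        has_nonce_or_hash = any(s.startswith("'nonce-") or s.startswith("'sha")
                                for s in sources)
        return "'unsafe-inline'" in sources and not has_nonce_or_hash
    return any(_host_match(s, src) for s in sources if not s.startswith("'"))


if __name__ == "__main__":
    n = make_nonce()
    hdr = build_csp(n)
    print("Content-Security-Policy:", hdr)
    print(render_inline_script(n, "console.log('nonced');"))
    print("inline with nonce:", script_allowed(hdr, nonce=n))
    print("CDN script, no nonce:", script_allowed(hdr, src="https://cdn.example.com/lib.js"))
```

The legacy header in the test (a constructed `script-src https://cdn.example.com 'unsafe-inline'`) shows the contrast: under it the CDN script and plain inline scripts run, while under the strict-dynamic header they are blocked unless nonced or loaded by a trusted script. That is why, as the reply says, strict-dynamic only becomes usable once the plugin can stamp a matching nonce onto each inline script tag.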
  • Thread Starter jamminjames

    (@jamminjames)

    Thanks for the detailed reply, and for the CSP Generator link, I didn’t know about that tool. It is great news that you are planning to add a Strict-Dynamic nonces function for the new version. Any idea when that may be coming out?
