Adds a strict policy CSP header to Kirby projects.
Uses Kirby’s native nonce feature (used for the panel) to add a strict nonce-based content security policy header to all Kirby responses.
composer require kenshodigital/kirby-csp ^1.0The plugin is not configurable and just follows the latest best practices.
However, scripts in your frontend are expected to include a nonce and the Kirby docs already provide a good example for this.
<script nonce="<?= $kirby->nonce() ?>">…</script>