Hi @tell-me-Yes ! Thanks for the kind words! 😊
Important: You cannot just add those Hu-manity directives alone. They need to be combined with a base policy that allows WordPress to function.
Here’s a working CSP that includes both WordPress compatibility AND Hu-manity support:
default-src 'self'; script-src 'self' 'unsafe-inline' *.hu-manity.co; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; connect-src 'self' *.hu-manity.co; font-src 'self' data:; frame-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests
However, I would run a CSP scan to understand what your site uses in terms of third-party applications, WordPress, Elementor, etc. Otherwise, you could end up creating a rule that is too restrictive using only CSP rules for Hu-manity.
The suggestion from Hu-manity only shows what their service needs - it assumes you’ll add it to an existing policy, not use it as the complete policy.
Let me know if you need help customizing this further for your specific setup!
