Q. My site stopped displaying correctly after I configured CSP (Content Security Policy)
A. Your CSP settings are too strict, causing legitimate scripts and stylesheets to be blocked.
Emergency Fix
First, restore your site's display.
- Go to SentinelSecurity → Security Header Settings (the admin panel is not affected by CSP)
- Either disable CSP or switch to Report-Only (Learning) mode
- Click Save
- Verify that the site's front end is displaying correctly
/wp-content/plugins/sentinel-security folder to disable the plugin.
Proper CSP Deployment Steps
It is critical to deploy CSP gradually.
Step 1: Smart Scan
Use the Smart Scan feature to automatically scan the origins of resources used on your site (scripts, stylesheets, images, fonts, etc.). This will generate a list of domains that need to be allowed.
Step 2: Learn with Report-Only Mode
Set the CSP mode to Report-Only (Learning) and run it for 1–2 weeks. In this mode, resources are not actually blocked — only policy violations are recorded as reports.
Step 3: Review Violation Logs
Check the CSP Violation Log and add legitimate resources (your own site's scripts, Google Analytics, CDN fonts, etc.) to the policy.
Step 4: Switch to Enforce Mode
Once violations have been sufficiently reduced, switch to Enforce mode.
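The review in Step 3, sketched as an added example (this is not SentinelSecurity's own code): it groups violation reports by directive and blocked origin so that allowlist candidates can be told apart from entries that need a closer look. It assumes reports in the standard browser `csp-report` JSON shape, which may differ from the plugin's log format; the sample reports and the hosts `example.test` and `cdn.unknown-widget.example` are constructed.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

def make_report(page, directive, blocked):
    body = {"document-uri": page, "effective-directive": directive, "blocked-uri": blocked}
    return json.dumps({"csp-report": body})

# Constructed sample input (assumed report-uri JSON shape), not real log data.
SAMPLE_REPORTS = [
    make_report("https://example.test/", "font-src", "https://fonts.gstatic.com/s/a.woff2"),
    make_report("https://example.test/about", "font-src", "https://fonts.gstatic.com/s/b.woff2"),
    make_report("https://example.test/", "script-src-elem", "https://www.googletagmanager.com/gtag/js"),
    make_report("https://example.test/blog", "script-src-elem", "https://www.googletagmanager.com/gtag/js"),
    make_report("https://example.test/", "script-src-elem", "inline"),
    make_report("https://example.test/blog", "script-src-elem", "https://cdn.unknown-widget.example/x.js"),
    "not json",  # malformed entries are skipped
]

def blocked_source(blocked_uri):
    """Reduce blocked-uri to scheme://host, or keep a keyword such as 'inline'."""
    parts = urlsplit(blocked_uri)
    if parts.scheme in ("http", "https") and parts.netloc:
        return f"{parts.scheme}://{parts.netloc}"
    return blocked_uri or "unknown"

def summarize(raw_reports, min_pages=2):
    """Return sorted (directive, source, hits, verdict) rows for manual review."""
    seen = defaultdict(list)  # (directive, source) -> pages that reported it
    for raw in raw_reports:
        try:
            report = json.loads(raw)["csp-report"]
            directive = report.get("effective-directive") or report["violated-directive"]
            # Older browsers send the full directive text; Chrome appends -elem/-attr.
            directive = directive.split()[0].replace("-elem", "").replace("-attr", "")
            key = (directive, blocked_source(report.get("blocked-uri", "")))
        except (ValueError, KeyError, TypeError, AttributeError, IndexError):
            continue
        seen[key].append(report.get("document-uri", ""))
    rows = []
    for (directive, source), docs in sorted(seen.items()):
        if not source.startswith("https://"):
            verdict = "review"     # inline/eval/data or plain http: do not allowlist blindly
        elif len(set(docs)) < min_pages:
            verdict = "rare"       # one page only: may be a browser extension or injected code
        else:
            verdict = "candidate"  # recurring https origin: confirm it is yours, then allow
        rows.append((directive, source, len(docs), verdict))
    return rows
```

Only rows marked `candidate` are worth adding to the policy after confirming the origin is one the site actually uses; `rare` and `review` rows should be traced to their source first.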
Common Causes
| Blocked Resource | Fix |
|---|---|
| Google Fonts | Add https://fonts.googleapis.com and https://fonts.gstatic.com to font-src |
| Google Analytics | Add https://www.googletagmanager.com to script-src and connect-src |
| Inline scripts | Add 'unsafe-inline' to script-src (not recommended, but necessary in some cases) |
| CDN stylesheets | Add the CDN domain to style-src |