I am trying to secure an A+ rating for a wordpress installation running gravity forms.
can only get a maximum of an A rating as the Content-Security-Policy requires ‘unsafe-inline’ (removing it disables the forms) ‘unsafe-eval’ (removing it disables entries export) to display and run gravity forms.
Can anyone advise what CSP settings allow GF to operate properly?
header("Content-Security-Policy: default-src ‘self’ ‘unsafe-inline’ ‘unsafe-eval’ https: ; ");
Any help welcome.