- Posts
Hello,
I’m facing an issue with W3 Total Cache in a WordPress Bitnami Multisite environment running on Apache (AWS).
Scenario: We need to implement a dynamic Content-Security-Policy (CSP) header with a unique nonce on each page load for security (compliance reasons).
Previously, we used PHP (via functions.php and output buffering) to inject the nonce and dynamically set the CSP header for each request. However, when Page Cache is active in Enhanced Mode, the dynamic CSP headers do not work properly on cached pages. Currently, to set a custom CSP header, we need to disable Page Cache, which negatively impacts performance.
What we’ve tried:
If we globally change the Page Cache method to Basic, the custom header works (by activating “Set header” in W3 settings), but:
W3 does not allow using Basic mode for just a few sites on the network (it is global).
Basic mode limits performance and features compared to Enhanced mode.
Question:
Is there a recommended way to deliver dynamic CSP headers with nonce per request and still keep Page Cache (Enhanced Mode) active for all sites?
Is there a workaround, best practice, or integration to achieve this?Any guidance or experience with similar setups is greatly appreciated. Thank you!
Hello Nelson,
Thank you for reaching out, and I am happy to help!
Let me check this with the W3 Total Cache team, and I’ll get back to you once I have more information about this.Thanks!
Viewing 2 posts - 1 through 2 (of 2 total)
Viewing 2 posts - 1 through 2 (of 2 total)
