CSP Connect Sources

Description: Controls which endpoints your site can connect to (AJAX, APIs) via CSP connect-src (Pro).

How it works: builder_connect_src and builder_connect_mode define allowed origins for fetch/XHR/WebSocket connections.

How to access / configure:

  1. WP Admin → AegisShield → Security Headers → CSP Builder.
  2. Open Connect settings.
  3. Add API domains and Save Changes.

Recommended setting: Only allow your own domain and required external APIs (payments, analytics, etc.).