How to implement a Content Security Policy (CSP) in WordPress without breaking plugins?

So, you’re looking to beef up your WordPress site’s security with a Content Security Policy (CSP), but you’re worried about accidentally breaking all those essential plugins you rely on. That’s a super common concern! The good news is, it’s definitely doable. Implementing a CSP in WordPress without a plugin meltdown is all about a methodical approach, starting with understanding what CSP is and then carefully configuring it. It’s less about magic and more about a bit of patience and detective work.

What is a Content Security Policy (CSP) and Why Bother?

Think of CSP as a gatekeeper for your website’s content. It’s a security feature that tells the browser exactly which resources (like scripts, stylesheets, images, fonts, etc.) are allowed to be loaded and executed on your pages. In simpler terms, it restricts where your website can fetch content from.

This is incredibly powerful for preventing certain types of attacks, most notably Cross-Site Scripting (XSS). XSS attacks happen when malicious scripts are injected into your website, which then run in your visitors’ browsers. By defining a CSP, you’re telling the browser, “Only load scripts from these trusted sources,” effectively blocking any unauthorized scripts from running.

Before you even think about adding lines of code, the most crucial first step is understanding your current site’s content sources. This is where a lot of people stumble and end up breaking things. You need to know what your website loads and where it loads it from before you start restricting it.

Auditing Your Existing Content Sources

This is the detective work phase. You need to identify all the domains and sources your WordPress site currently pulls content from. This includes:

First-Party Content

These are resources hosted directly on your own domain.

Your WordPress Core Files: Scripts and styles that come with WordPress itself.
Your Theme’s Assets: Stylesheets, JavaScript files, images, and fonts provided by your theme.
Your Plugin’s Assets: JavaScript, CSS, images, fonts, and any other resources loaded by your plugins. This is a big one, and often the source of breakage.
Your Uploads Folder: Images and other media you’ve uploaded.

Third-Party Content

These are resources loaded from external domains.

CDN (Content Delivery Network): If you use a CDN for your assets.
External Fonts: Google Fonts, Adobe Fonts, etc.
Embedded Media: YouTube videos, Vimeo videos, SoundCloud players.
Analytics Scripts: Google Analytics, Matomo, etc.
Social Media Widgets: Facebook like buttons, Twitter feeds.
Advertising Scripts: Ad networks.
External JavaScript Libraries: Sometimes plugins or themes rely on libraries hosted elsewhere.

Tools to Help You Audit

Browser Developer Tools (Network Tab): This is your best friend. When you visit your website, open your browser’s developer tools (usually F12 or right-click -> Inspect) and go to the “Network” tab. Reload your page. You’ll see a list of every single resource requested. Filter by “JS” for scripts, “CSS” for stylesheets, “Img” for images, etc., and note down the domains.
Online CSP Evaluators: Websites like report-uri.com or online CSP checkers can scan your site and give you a report of potential CSP directives based on what they find. This is a good starting point but shouldn’t be your only source.

The `Content-Security-Policy` HTTP Header

CSP is primarily implemented via an HTTP header sent from your server. You can also theoretically use a tag, but HTTP headers are generally preferred because they offer more robust control and are less prone to certain injection issues.

The header looks something like this:

“`

Content-Security-Policy: default-src ‘self’; script-src ‘self’ ajax.googleapis.com; object-src ‘none’;

“`

Let’s break down the common directives you’ll encounter:

default-src: This is a fallback for other directives. If you don’t specify a directive for a resource type, it will fall back to default-src.
script-src: Controls where JavaScript can be loaded from. This is often the trickiest one for WordPress plugins.
style-src: Controls where CSS stylesheets can be loaded from.
img-src: Controls where images can be loaded from.
font-src: Controls where fonts can be loaded from.
connect-src: Controls where fetch, XMLHttpRequest, EventSource, and WebSocket requests can be made to.
object-src: Controls where plugins like Flash or Java applets can be loaded from (usually set to 'none').
media-src: Controls where audio and video can be loaded from.
frame-src: Controls where frames (like </code>) can be loaded from. <em>Note: <code>frame-src</code> is deprecated in favor of <code>child-src</code>, but many browsers still support it.</em></li> <li><strong><code>report-uri</code></strong>: Specifies a URL where the browser should send violation reports. This is crucial for learning what’s being blocked.</li> </ul> <p>And the common <em>sources</em> you’ll use:</p> <ul> <li><strong><code>'self'</code></strong>: Allows resources from the same origin as the document.</li> <li>**<code>*</code>**: Wildcard, allows resources from any source. (Use sparingly, if at all).</li> <li><strong><code>'none'</code></strong>: Prevents loading any resources of that type.</li> <li><strong>A specific domain</strong>: e.g., <code>https://www.google-analytics.com</code>.</li> <li><strong><code>'unsafe-inline'</code></strong>: Allows inline scripts and styles. (Avoid if possible, as it weakens the XSS protection).</li> <li><strong><code>'unsafe-eval'</code></strong>: Allows <code>eval()</code> and similar functions. (Avoid if possible, same reason).</li> </ul> <h3>The Importance of a Reporting Directive</h3> <p>Seriously, don’t skip this. The <code>report-uri</code> or <code>report-to</code> directive is your lifeline. It tells the browser to send a JSON report to a specified URL whenever a resource is blocked by your CSP.</p> <p>“`</p> <p>Content-Security-Policy: default-src ‘self’; script-src ‘self’; report-uri /csp-reports/;</p> <p>“`</p> <p>This <code>/csp-reports/</code> needs to be a URL on your server that’s configured to receive and log these reports. There are dedicated WordPress plugins that can handle this for you, or you can set up a simple script. This is how you’ll discover which plugins are trying to load resources from unexpected places.</p> <p>If you’re looking to enhance the security of your WordPress site by implementing a Content Security Policy (CSP) without disrupting your plugins, you might find it helpful to read about the process of migrating servers, as it often involves similar considerations for maintaining functionality and security. For a comprehensive guide on server migration that can provide insights into managing your WordPress environment, check out this related article on migrating between CyberPanel servers: <a href='https://thesheryar.com/cyberpanel-to-cyberpanel-migrating-to-another-server/'>Migrating to Another Server with CyberPanel</a>.</p> <h2>Implementing CSP in WordPress: The “Report-Only” Phase</h2> <p>This is arguably the most critical phase for avoiding immediate plugin breakage. Instead of enforcing your CSP right away, you’ll use the <code>Content-Security-Policy-Report-Only</code> header. This header does exactly what it says: it <em>reports</em> violations but doesn’t <em>block</em> them.</p> <h3>Setting Up <code>Content-Security-Policy-Report-Only</code></h3> <p>You can set this header in a few ways. The most common and recommended is via your web server configuration (Apache or Nginx). If you can’t access those, you might be able to use a plugin, but be cautious.</p> <h4>Using <code>.htaccess</code> (Apache)</h4> <p>Add this to your <code>.htaccess</code> file in the root WordPress directory:</p> <p>“`apache</p> <p>SetEnvIf Request_URI “^/$” CSP_REPORT_ONLY “Content-Security-Policy-Report-Only: default-src ‘self’; script-src ‘self’; report-uri /csp-reports/;”</p> <p>Header onsuccess setCSP_REPORT_ONLY env=CSP_REPORT_ONLY</p> <p>“`</p> <p><em>Caveats:</em> This is a basic example. You’ll want to expand <code>default-src</code> and <code>script-src</code> over time. Also, some hosts disable <code>SetEnvIf</code> or <code>Header</code> directives.</p> <h4>Using Nginx Configuration</h4> <p>Edit your Nginx server block configuration file (often found in <code>/etc/nginx/sites-available/</code> or similar):</p> <p>“`nginx</p> <p>add_header Content-Security-Policy-Report-Only “default-src ‘self’; script-src ‘self’; report-uri /csp-reports/”;</p> <p>“`</p> <p>Restart Nginx after making changes: <code>sudo systemctl restart nginx</code> or <code>sudo service nginx restart</code>.</p> <h4>Using a Plugin (with caution)</h4> <p>Some security plugins offer CSP implementation. If you go this route, ensure they allow you to <em>start in Report-Only mode</em>. <strong>Avoid plugins that immediately enforce CSP without a proper reporting phase.</strong> Look for plugins that specifically mention “Report-Only mode” or “auditing.”</p> <h3>Active Monitoring of Reports</h3> <p>Once your <code>Report-Only</code> header is in place, visit your website extensively. Log in as different user roles if applicable. Test different functionalities of your site. Then, check your <code>/csp-reports/</code> endpoint.</p> <p>You’ll start seeing JSON objects detailing which resources would have been blocked. For example, you might see something like this:</p> <p>“`json</p> <p>{</p> <p>“csp-report”: {</p> <p>“document-uri”: “https://yourdomain.com/some-page/”,</p> <p>“violated-directive”: “script-src-elem”,</p> <p>“effective-directive”: “script-src-elem”,</p> <p>“original-policy”: “default-src ‘self’; script-src ‘self’; report-uri /csp-reports/”,</p> <p>“blocked-uri”: “https://pluginsite.com/some-script.js”,</p> <p>“disposition”: “report”,</p> <p>“line-number”: 1,</p> <p>“source-file”: “https://yourdomain.com/some-page/”,</p> <p>“status-code”: 200,</p> <p>“script-sample”: “”</p> <p>}</p> <p>}</p> <p>“`</p> <p>This report tells you:</p> <ul> <li>Where the violation occurred (<code>document-uri</code>).</li> <li>What directive was violated (<code>violated-directive</code>).</li> <li>Which resource was blocked (<code>blocked-uri</code>).</li> </ul> <p>Your task now is to go through these reports and identify the sources that your legitimate plugins need.</p> <h2>Iterative Refinement: Building Your Policy</h2> <p>This is where the patience comes in. You’ll be adding allowed sources to your <code>script-src</code>, <code>style-src</code>, and other directives based on your report analysis. The goal is to gradually expand your policy to permit necessary resources without becoming too permissive.</p> <h3>Updating Your Directives Based on Reports</h3> <p>Let’s say you got reports that a particular plugin needs <code>https://cdn.jsdelivr.net/</code>. You’ll update your <code>Report-Only</code> header:</p> <p>“`nginx</p> <p>add_header Content-Security-Policy-Report-Only “default-src ‘self’; script-src ‘self’ cdn.jsdelivr.net; report-uri /csp-reports/”;</p> <p>“`</p> <p>After updating and observing for a while, you might find another plugin needs something from <code>https://fonts.googleapis.com/</code>. You’d add that:</p> <p>“`nginx</p> <p>add_header Content-Security-Policy-Report-Only “default-src ‘self’; script-src ‘self’ cdn.jsdelivr.net fonts.googleapis.com; report-uri /csp-reports/”;</p> <p>“`</p> <p>You’ll repeat this process. Add a source, wait, monitor, and then add another.</p> <h4>Common Plugin Needs and How to Handle Them</h4> <ul> <li><strong>Inline Scripts/Styles:</strong> Many older or poorly coded plugins will use inline scripts (<code><script>alert('hello')</script></code>) or inline styles (<code><br /> <style>.myclass { color: red; }</style> <p></code>). If you see <code>unsafe-inline</code> in your reports for <code>script-src</code> or <code>style-src</code>, it means a plugin is doing this.</li> <li><strong>The ideal solution:</strong> Find plugins that are updated and CSP-compliant, or contact the plugin developer to request it.</li> <li><strong>The compromise:</strong> If you absolutely must allow it to keep a plugin working, you can add <code>'unsafe-inline'</code> to the relevant directive. <strong>However, this significantly weakens your XSS protection.</strong> Use it as a last resort and try to isolate it to specific directives if possible, e.g., <code>script-src 'self' 'unsafe-inline';</code> (though this is still very broad).</li> <li><strong>Nonce/Hash approach:</strong> For inline scripts, a more secure method is to use nonces or hashes. A nonce (number used once) is a unique, randomly generated string added to your CSP header and to the inline script tag (<code><script nonce="RANDOM_STRING"></code>). Your server generates the nonce for each request. This is more advanced and requires server-side logic. Hashes are similar but use cryptographic hashes of the script content.</li> </ul> <ul> <li><strong>External APIs/Services:</strong> Plugins might connect to external services for data or functionality (e.g., a weather plugin pulling data from a weather API). You'll need to allow those domains in <code>connect-src</code> or specific directives.</li> </ul> <ul> <li><strong>Iframes:</strong> If a plugin embeds content using <code><iframe></code> (e.g., YouTube embeds), you'll need to control <code>frame-src</code> (or <code>child-src</code>). For example, to allow YouTube: <code>frame-src 'self' https://www.youtube.com</code>.</li> </ul> <h3>The Switch to Enforcement Mode</h3> <p>Once you’ve gone through many cycles of receiving reports, identifying blocked resources, and adding them to your <code>Report-Only</code> policy, and you’re confident that minimal (or no) legitimate resources are being blocked, it’s time to switch to actual enforcement.</p> <h4>Removing <code>-Report-Only</code></h4> <p>This is straightforward. Find your <code>Content-Security-Policy-Report-Only</code> header and remove the <code>-Report-Only</code> part.</p> <p><strong>Apache (<code>.htaccess</code>):</strong></p> <p>```apache</p> <h1>Remove the Report-Only line and add the actual CSP header</h1> <p>Header set Content-Security-Policy "default-src 'self'; script-src 'self' cdn.jsdelivr.net fonts.googleapis.com; report-uri /csp-reports/;"</p> <p>```</p> <p><strong>Nginx:</strong></p> <p>```nginx</p> <p>add_header Content-Security-Policy "default-src 'self'; script-src 'self' cdn.jsdelivr.net fonts.googleapis.com; report-uri /csp-reports/";</p> <p>```</p> <p>Remember to restart your server if you're editing Nginx configs.</p> <h3>Post-Enforcement Monitoring</h3> <p>Even after switching to enforcement, keep an eye on your <code>csp-reports/</code> endpoint for a while. Things can happen:</p> <ul> <li><strong>Plugin Updates:</strong> A plugin update might introduce new scripts or change how it loads existing ones, leading to new violations.</li> <li><strong>Theme Updates:</strong> Similarly, themes can change their asset loading.</li> <li><strong>New Plugins/Themes:</strong> If you add anything new to your site, you’ll need to re-audit your CSP.</li> </ul> <p>If you start seeing CSP violations in your reports <em>after</em> enforcement, you’ll need to go back to the <code>Report-Only</code> phase for those specific issues. It's an ongoing process, not a one-time setup.</p> <h2>Advanced Considerations and Plugin-Specific Strategies</h2> <p>As you get deeper into CSP, you'll encounter scenarios that require more nuanced handling. WordPress's dynamic nature, with its vast array of plugins, makes this a reality.</p> <h3>Handling Dynamic Content and Shortcodes</h3> <p>Some plugins generate content or scripts dynamically using shortcodes. This can be tricky for CSP because the browser might not see the script or style until after the page has been parsed.</p> <ul> <li><strong>Identify the Source:</strong> Determine which plugin is responsible and what script or style it's trying to load when the shortcode is processed.</li> <li><strong>Add to CSP:</strong> Once identified, add the necessary domains or sources to your <code>script-src</code> or <code>style-src</code> directives.</li> <li><strong><code>unsafe-eval</code> and Inline Scripts:</strong> If a plugin relies heavily on JavaScript that dynamically generates code or scripts, you might see <code>unsafe-eval</code> or <code>unsafe-inline</code> violations. This is usually a sign of less-than-ideal coding practices in the plugin.</li> <li><strong>Option 1 (Best):</strong> Contact the plugin developer and report the CSP violations. Offer them resources on how to make their plugin CSP-compliant (e.g., using nonces, externalizing scripts).</li> <li><strong>Option 2 (Temporary/Risky):</strong> If you can't get the plugin developer to act, you might have to fall back to <code>'unsafe-inline'</code> or <code>'unsafe-eval'</code> for your <code>script-src</code> directive. Do this with extreme caution and understand the security implications.</li> </ul> <h3>WordPress Hooks and Inline JavaScript</h3> <p>WordPress often uses hooks (<code>wp_localize_script</code>, <code>wp_add_inline_script</code>, <code>wp_add_inline_style</code>) to inject data and small snippets of code. These are frequent sources of CSP violations because they are essentially inline scripts.</p> <h4><code>wp_localize_script</code></h4> <p>This is commonly used to pass PHP variables to JavaScript.</p> <p>```php</p> <p>wp_localize_script( 'my-script-handle', 'myAjax', array( 'ajaxurl' => admin_url( 'admin-ajax.php' ) ) );</p> <p>```</p> <p>This creates a JavaScript object <code>myAjax</code>. If your CSP is strict, it might block this.</p> <ul> <li><strong>Solution:</strong> Usually, <code>wp_localize_script</code> is safe if the handle it's attached to (<code>my-script-handle</code>) is allowed in <code>script-src</code> AND <code>script-src</code> includes <code>'self'</code> (for scripts loaded from your domain). The data itself isn't usually the problem, but the way it's injected.</li> </ul> <h4><code>wp_add_inline_script</code> and <code>wp_add_inline_style</code></h4> <p>These directly add JavaScript or CSS to the page.</p> <p>```php</p> <p>wp_add_inline_script( 'my-script-handle', 'var myVar = "someValue";' );</p> <p>wp_add_inline_style( 'my-style-handle', '.myClass { color: blue; }' );</p> <p>```</p> <p>If your <code>script-src</code> or <code>style-src</code> directives don't explicitly allow inline scripts/styles (e.g., using <code>'unsafe-inline'</code> or specific hashes/nonces), these will be blocked.</p> <ul> <li><strong>Solution:</strong></li> <li><strong>Best:</strong> If you control the code injecting the inline script/style, refactor it to use external files.</li> <li><strong>If not:</strong> You’ll likely need to add <code>'unsafe-inline'</code> to <code>script-src</code> and/or <code>style-src</code>. This is where the "report-only" phase is vital. You’ll see these as violations and realize you need to allow them.</li> </ul> <h3>Plugin-Specific CSP Directives</h3> <p>Some advanced security plugins or frameworks might offer "plugin hashes" or allow you to associate CSP rules with specific plugins. This is a more sophisticated approach if you have many plugins.</p> <ul> <li><strong>How it works:</strong> Instead of adding a broad domain to your <code>script-src</code>, you might be able to add a cryptographic hash of a specific script file used by a plugin. This means only <em>that exact version</em> of the script will be allowed, and if the script changes (e.g., during an update), the hash will break, and you'll get a report.</li> <li><strong>Nonces with Plugins:</strong> Some plugins might be designed to work with nonces. You'd get a nonce from your server, pass it to the plugin's JavaScript, and the CSP header would include that nonce.</li> </ul> <p>If a particular plugin is causing a lot of trouble, and you can’t make it CSP-compliant, consider alternatives. There are many plugins for almost any functionality, and some are better maintained and more security-conscious than others.</p> <h3>The <code>report-to</code> Directive vs. <code>report-uri</code></h3> <p>While <code>report-uri</code> is widely supported, the newer <code>report-to</code> directive is part of the CSP Level 2 specification and offers more advanced reporting capabilities. It allows you to specify multiple endpoints and define reporting policies. For most WordPress users, <code>report-uri</code> is sufficient and easier to implement initially. Stick with <code>report-uri</code> until you have a firm grasp of CSP basics and are ready for more complex reporting.</p> <p>Implementing a Content Security Policy (CSP) in WordPress can significantly enhance your site's security, but it can also lead to issues with plugins if not done carefully. To ensure a smooth integration, you might find it helpful to read a related article that provides insights on maintaining plugin functionality while setting up CSP. For more information on this topic, check out this informative piece at <a href='https://thesheryar.com/about/'>The Sheryar</a>, which offers practical tips and best practices for WordPress users.</p> <h2>Testing and Finalizing Your CSP</h2> <p>You've spent time in report-only mode, you've analyzed your reports, and you've built up your policy. Now it's time to make sure it's truly functional and secure.</p> <h3>Thorough Cross-Browser and Cross-Device Testing</h3> <p>Don't just test in your favorite browser on your desktop.</p> <ul> <li><strong>Different Browsers:</strong> Chrome, Firefox, Safari, Edge. Some browsers might interpret CSP slightly differently, or have varying levels of support for certain directives.</li> <li><strong>Mobile Devices:</strong> Test on iOS and Android devices. Mobile browsers can sometimes behave differently.</li> <li><strong>Different User Roles:</strong> If your site has different user roles with varying permissions (e.g., administrators, editors, subscribers), log in as each and test their experience. Some plugins might load different assets for different roles.</li> </ul> <h3>Re-enable Reporting After Enforcement</h3> <p>Even after switching to enforcement, keep the <code>report-uri</code> directive in place. This is your safety net. If something unexpected breaks due to a plugin update or a subtle change, you'll get reports.</p> <h4>What to Do if a Plugin Breaks After Enforcement</h4> <ol> <li><strong>Check SERIOUSLY:</strong> Is this a critical plugin? Can you disable it temporarily?</li> <li><strong>Revert to Report-Only:</strong> Temporarily switch back to <code>Content-Security-Policy-Report-Only</code>.</li> <li><strong>Analyze Reports:</strong> See what caused the violation. Is it a new script, an inline style, or something else?</li> <li><strong>Update CSP:</strong> Add the necessary source to your <code>Report-Only</code> policy.</li> <li><strong>Test Again:</strong> Ensure the plugin works as expected.</li> <li><strong>Re-enable Enforcement:</strong> Switch back to the strict <code>Content-Security-Policy</code> header.</li> </ol> <p>Repeat this cycle until the plugin functions correctly.</p> <h3>Consider a CSP Plugin as a Long-Term Solution</h3> <p>While you can implement CSP manually, managing it can become complex, especially on larger sites or if your plugin/theme setup changes frequently.</p> <ul> <li><strong>Plugin Benefits:</strong> Dedicated CSP plugins can:</li> <li>Simplify the process of generating the initial policy.</li> <li>Provide user-friendly interfaces for adding sources.</li> <li>Automate the generation of inline script/style hashes.</li> <li>Offer better reporting and logging features.</li> <li>Handle the <code>Content-Security-Policy-Report-Only</code> mode effectively.</li> <li><strong>Choosing a Plugin:</strong> Look for plugins that:</li> <li>Prominently feature a "Report-Only" or "auditing" mode.</li> <li>Allow granular control over directives.</li> <li>Have good reviews and are actively maintained.</li> <li>Provide clear documentation on how to use them with plugins.</li> </ul> <p>Popular choices might include plugins like "Content Security Policy" or "WP CSP". Research and read reviews carefully. Even with a plugin, understanding the underlying concepts is crucial for troubleshooting.</p> <h3>Securing Your WordPress Site Beyond CSP</h3> <p>Remember that CSP is one layer of security. It's highly effective against XSS, but it doesn't protect against everything.</p> <ul> <li><strong>Regular Updates:</strong> Keep WordPress core, themes, and plugins updated. Vulnerabilities are often patched this way.</li> <li><strong>Strong Passwords and User Management:</strong></li> <li><strong>Secure Hosting:</strong> Choose a reputable hosting provider.</li> <li><strong>Firewall (WAF):</strong> A Web Application Firewall can block malicious requests before they even reach your server.</li> <li><strong>Regular Backups:</strong> Always have recent backups.</li> </ul> <p>Implementing a Content Security Policy in WordPress without breaking plugins is a journey that requires careful planning, patience, and a willingness to iterate. By starting in report-only mode and systematically addressing violations, you can significantly enhance your site’s security without causing unexpected downtime or functionality issues. It’s a worthwhile effort for any website owner serious about protecting their visitors and their site.</p> </div> </div> </div> </div> <footer data-elementor-type="footer" data-elementor-id="37" class="elementor elementor-37 elementor-location-footer" data-elementor-post-type="elementor_library"> <footer class="elementor-element elementor-element-9da27f1 e-flex e-con-boxed e-con e-parent" data-id="9da27f1" data-element_type="container" data-e-type="container" data-settings="{"background_background":"classic"}"> <div class="e-con-inner"> <div class="elementor-element elementor-element-54b8d58 e-con-full e-flex e-con e-child" data-id="54b8d58" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-46df351 elementor-widget elementor-widget-image" data-id="46df351" data-element_type="widget" data-e-type="widget" data-widget_type="image.default"> <a href="https://thesheryar.com"> <img width="544" height="188" src="https://thesheryar.com/wp-content/uploads/source-02-1.png" class="attachment-full size-full wp-image-2398" alt="" srcset="https://thesheryar.com/wp-content/uploads/source-02-1.png 544w, https://thesheryar.com/wp-content/uploads/source-02-1-300x104.png 300w" sizes="(max-width: 544px) 100vw, 544px" /> </a> </div> <div class="elementor-element elementor-element-cf36300 e-grid-align-left elementor-shape-rounded elementor-grid-0 elementor-widget elementor-widget-global elementor-global-919 elementor-widget-social-icons" data-id="cf36300" data-element_type="widget" data-e-type="widget" data-widget_type="social-icons.default"> <div class="elementor-social-icons-wrapper elementor-grid" role="list"> <span class="elementor-grid-item" role="listitem"> <a class="elementor-icon elementor-social-icon elementor-social-icon-linkedin-in elementor-repeater-item-00771c7" href="https://www.linkedin.com/in/thesheryar/" target="_blank"> <span class="elementor-screen-only">Linkedin-in</span> <svg aria-hidden="true" class="e-font-icon-svg e-fab-linkedin-in" viewBox="0 0 448 512" xmlns="http://www.w3.org/2000/svg"><path d="M100.28 448H7.4V148.9h92.88zM53.79 108.1C24.09 108.1 0 83.5 0 53.8a53.79 53.79 0 0 1 107.58 0c0 29.7-24.1 54.3-53.79 54.3zM447.9 448h-92.68V302.4c0-34.7-.7-79.2-48.29-79.2-48.29 0-55.69 37.7-55.69 76.7V448h-92.78V148.9h89.08v40.8h1.3c12.4-23.5 42.69-48.3 87.88-48.3 94 0 111.28 61.9 111.28 142.3V448z"></path></svg> </a> </span> <span class="elementor-grid-item" role="listitem"> <a class="elementor-icon elementor-social-icon elementor-social-icon-x-twitter elementor-repeater-item-2504d32" href="https://x.com/thesheryarcom" target="_blank"> <span class="elementor-screen-only">X-twitter</span> <svg aria-hidden="true" class="e-font-icon-svg e-fab-x-twitter" viewBox="0 0 512 512" xmlns="http://www.w3.org/2000/svg"><path d="M389.2 48h70.6L305.6 224.2 487 464H345L233.7 318.6 106.5 464H35.8L200.7 275.5 26.8 48H172.4L272.9 180.9 389.2 48zM364.4 421.8h39.1L151.1 88h-42L364.4 421.8z"></path></svg> </a> </span> <span class="elementor-grid-item" role="listitem"> <a class="elementor-icon elementor-social-icon elementor-social-icon-wordpress elementor-repeater-item-0d7d4c4" href="https://profiles.wordpress.org/thesheryar/" target="_blank"> <span class="elementor-screen-only">Wordpress</span> <svg aria-hidden="true" class="e-font-icon-svg e-fab-wordpress" viewBox="0 0 512 512" xmlns="http://www.w3.org/2000/svg"><path d="M61.7 169.4l101.5 278C92.2 413 43.3 340.2 43.3 256c0-30.9 6.6-60.1 18.4-86.6zm337.9 75.9c0-26.3-9.4-44.5-17.5-58.7-10.8-17.5-20.9-32.4-20.9-49.9 0-19.6 14.8-37.8 35.7-37.8.9 0 1.8.1 2.8.2-37.9-34.7-88.3-55.9-143.7-55.9-74.3 0-139.7 38.1-177.8 95.9 5 .2 9.7.3 13.7.3 22.2 0 56.7-2.7 56.7-2.7 11.5-.7 12.8 16.2 1.4 17.5 0 0-11.5 1.3-24.3 2l77.5 230.4L249.8 247l-33.1-90.8c-11.5-.7-22.3-2-22.3-2-11.5-.7-10.1-18.2 1.3-17.5 0 0 35.1 2.7 56 2.7 22.2 0 56.7-2.7 56.7-2.7 11.5-.7 12.8 16.2 1.4 17.5 0 0-11.5 1.3-24.3 2l76.9 228.7 21.2-70.9c9-29.4 16-50.5 16-68.7zm-139.9 29.3l-63.8 185.5c19.1 5.6 39.2 8.7 60.1 8.7 24.8 0 48.5-4.3 70.6-12.1-.6-.9-1.1-1.9-1.5-2.9l-65.4-179.2zm183-120.7c.9 6.8 1.4 14 1.4 21.9 0 21.6-4 45.8-16.2 76.2l-65 187.9C426.2 403 468.7 334.5 468.7 256c0-37-9.4-71.8-26-102.1zM504 256c0 136.8-111.3 248-248 248C119.2 504 8 392.7 8 256 8 119.2 119.2 8 256 8c136.7 0 248 111.2 248 248zm-11.4 0c0-130.5-106.2-236.6-236.6-236.6C125.5 19.4 19.4 125.5 19.4 256S125.6 492.6 256 492.6c130.5 0 236.6-106.1 236.6-236.6z"></path></svg> </a> </span> <span class="elementor-grid-item" role="listitem"> <a class="elementor-icon elementor-social-icon elementor-social-icon-github elementor-repeater-item-472a732" href="https://github.com/thesheryar" target="_blank"> <span class="elementor-screen-only">Github</span> <svg aria-hidden="true" class="e-font-icon-svg e-fab-github" viewBox="0 0 496 512" xmlns="http://www.w3.org/2000/svg"><path d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6zm-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3zm44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9zM244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8zM97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1zm-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7zm32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1zm-11.4-14.7c-1.6 1-1.6 3.6 0 5.9 1.6 2.3 4.3 3.3 5.6 2.3 1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2z"></path></svg> </a> </span> <span class="elementor-grid-item" role="listitem"> <a class="elementor-icon elementor-social-icon elementor-social-icon-wordpress elementor-repeater-item-4a501ec" target="_blank"> <span class="elementor-screen-only">Wordpress</span> <svg aria-hidden="true" class="e-font-icon-svg e-fab-wordpress" viewBox="0 0 512 512" xmlns="http://www.w3.org/2000/svg"><path d="M61.7 169.4l101.5 278C92.2 413 43.3 340.2 43.3 256c0-30.9 6.6-60.1 18.4-86.6zm337.9 75.9c0-26.3-9.4-44.5-17.5-58.7-10.8-17.5-20.9-32.4-20.9-49.9 0-19.6 14.8-37.8 35.7-37.8.9 0 1.8.1 2.8.2-37.9-34.7-88.3-55.9-143.7-55.9-74.3 0-139.7 38.1-177.8 95.9 5 .2 9.7.3 13.7.3 22.2 0 56.7-2.7 56.7-2.7 11.5-.7 12.8 16.2 1.4 17.5 0 0-11.5 1.3-24.3 2l77.5 230.4L249.8 247l-33.1-90.8c-11.5-.7-22.3-2-22.3-2-11.5-.7-10.1-18.2 1.3-17.5 0 0 35.1 2.7 56 2.7 22.2 0 56.7-2.7 56.7-2.7 11.5-.7 12.8 16.2 1.4 17.5 0 0-11.5 1.3-24.3 2l76.9 228.7 21.2-70.9c9-29.4 16-50.5 16-68.7zm-139.9 29.3l-63.8 185.5c19.1 5.6 39.2 8.7 60.1 8.7 24.8 0 48.5-4.3 70.6-12.1-.6-.9-1.1-1.9-1.5-2.9l-65.4-179.2zm183-120.7c.9 6.8 1.4 14 1.4 21.9 0 21.6-4 45.8-16.2 76.2l-65 187.9C426.2 403 468.7 334.5 468.7 256c0-37-9.4-71.8-26-102.1zM504 256c0 136.8-111.3 248-248 248C119.2 504 8 392.7 8 256 8 119.2 119.2 8 256 8c136.7 0 248 111.2 248 248zm-11.4 0c0-130.5-106.2-236.6-236.6-236.6C125.5 19.4 19.4 125.5 19.4 256S125.6 492.6 256 492.6c130.5 0 236.6-106.1 236.6-236.6z"></path></svg> </a> </span> </div> </div> </div> <div class="elementor-element elementor-element-1c773c1 e-con-full e-flex e-con e-child" data-id="1c773c1" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-099b003 elementor-widget elementor-widget-heading" data-id="099b003" data-element_type="widget" data-e-type="widget" data-widget_type="heading.default"> <h2 class="elementor-heading-title elementor-size-default">Email Contact</h2> </div> <div class="elementor-element elementor-element-55083cf elementor-icon-list--layout-traditional elementor-list-item-link-full_width elementor-widget elementor-widget-icon-list" data-id="55083cf" data-element_type="widget" data-e-type="widget" data-widget_type="icon-list.default"> <ul class="elementor-icon-list-items"> <li class="elementor-icon-list-item"> <span class="elementor-icon-list-text">info@thesheryar.com</span> </li> </ul> </div> </div> </div> </footer> <footer class="elementor-element elementor-element-d3ffab7 e-flex e-con-boxed e-con e-parent" data-id="d3ffab7" data-element_type="container" data-e-type="container" data-settings="{"background_background":"classic"}"> <div class="e-con-inner"> <div class="elementor-element elementor-element-1b89338 e-con-full e-flex e-con e-child" data-id="1b89338" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-0aa3417 elementor-widget elementor-widget-heading" data-id="0aa3417" data-element_type="widget" data-e-type="widget" data-widget_type="heading.default"> <span class="elementor-heading-title elementor-size-default">Copyright © 2018-2026 TheSheryar LLC. </span> </div> </div> </div> </footer> </footer> <script type="speculationrules"> {"prefetch":[{"source":"document","where":{"and":[{"href_matches":"/*"},{"not":{"href_matches":["/wp-*.php","/wp-admin/*","/wp-content/uploads/*","/wp-content/*","/wp-content/plugins/*","/wp-content/themes/hello-elementor/*","/*\\?(.+)"]}},{"not":{"selector_matches":"a[rel~=\"nofollow\"]"}},{"not":{"selector_matches":".no-prefetch, .no-prefetch a"}}]},"eagerness":"conservative"}]} </script> <script id="independent-analytics-script" > // Do not change this comment line otherwise Speed Optimizer won't be able to detect this script (function () { function sendRequest(url, body) { if(!window.fetch) { const xhr = new XMLHttpRequest(); xhr.open("POST", url, true); xhr.setRequestHeader("Content-Type", "application/json;charset=UTF-8"); xhr.send(JSON.stringify(body)) return } const request = fetch(url, { method: 'POST', body: JSON.stringify(body), keepalive: true, headers: { 'Content-Type': 'application/json;charset=UTF-8' } }); } const calculateParentDistance = (child, parent) => { let count = 0; let currentElement = child; // Traverse up the DOM tree until we reach parent or the top of the DOM while (currentElement && currentElement !== parent) { currentElement = currentElement.parentNode; count++; } // If parent was not found in the hierarchy, return -1 if (!currentElement) { return -1; // Indicates parent is not an ancestor of element } return count; // Number of layers between element and parent } const isMatchingClass = (linkRule, href, classes, ids) => { return classes.includes(linkRule.value) } const isMatchingId = (linkRule, href, classes, ids) => { return ids.includes(linkRule.value) } const isMatchingDomain = (linkRule, href, classes, ids) => { if(!URL.canParse(href)) { return false } const url = new URL(href) const host = url.host const hostsToMatch = [host] if(host.startsWith('www.')) { hostsToMatch.push(host.substring(4)) } else { hostsToMatch.push('www.' + host) } return hostsToMatch.includes(linkRule.value) } const isMatchingExtension = (linkRule, href, classes, ids) => { if(!URL.canParse(href)) { return false } const url = new URL(href) return url.pathname.endsWith('.' + linkRule.value) } const isMatchingSubdirectory = (linkRule, href, classes, ids) => { if(!URL.canParse(href)) { return false } const url = new URL(href) return url.pathname.startsWith('/' + linkRule.value + '/') } const isMatchingProtocol = (linkRule, href, classes, ids) => { if(!URL.canParse(href)) { return false } const url = new URL(href) return url.protocol === linkRule.value + ':' } const isMatchingExternal = (linkRule, href, classes, ids) => { if(!URL.canParse(href) || !URL.canParse(document.location.href)) { return false } const matchingProtocols = ['http:', 'https:'] const siteUrl = new URL(document.location.href) const linkUrl = new URL(href) // Links to subdomains will appear to be external matches according to JavaScript, // but the PHP rules will filter those events out. return matchingProtocols.includes(linkUrl.protocol) && siteUrl.host !== linkUrl.host } const isMatch = (linkRule, href, classes, ids) => { switch (linkRule.type) { case 'class': return isMatchingClass(linkRule, href, classes, ids) case 'id': return isMatchingId(linkRule, href, classes, ids) case 'domain': return isMatchingDomain(linkRule, href, classes, ids) case 'extension': return isMatchingExtension(linkRule, href, classes, ids) case 'subdirectory': return isMatchingSubdirectory(linkRule, href, classes, ids) case 'protocol': return isMatchingProtocol(linkRule, href, classes, ids) case 'external': return isMatchingExternal(linkRule, href, classes, ids) default: return false; } } const track = (element) => { const href = element.href ?? null const classes = Array.from(element.classList) const ids = [element.id] const linkRules = [{"type":"extension","value":"pdf"},{"type":"extension","value":"zip"},{"type":"protocol","value":"mailto"},{"type":"protocol","value":"tel"}] if(linkRules.length === 0) { return } // For link rules that target an id, we need to allow that id to appear // in any ancestor up to the 7th ancestor. This loop looks for those matches // and counts them. linkRules.forEach((linkRule) => { if(linkRule.type !== 'id') { return; } const matchingAncestor = element.closest('#' + linkRule.value) if(!matchingAncestor || matchingAncestor.matches('html, body')) { return; } const depth = calculateParentDistance(element, matchingAncestor) if(depth < 7) { ids.push(linkRule.value) } }); // For link rules that target a class, we need to allow that class to appear // in any ancestor up to the 7th ancestor. This loop looks for those matches // and counts them. linkRules.forEach((linkRule) => { if(linkRule.type !== 'class') { return; } const matchingAncestor = element.closest('.' + linkRule.value) if(!matchingAncestor || matchingAncestor.matches('html, body')) { return; } const depth = calculateParentDistance(element, matchingAncestor) if(depth < 7) { classes.push(linkRule.value) } }); const hasMatch = linkRules.some((linkRule) => { return isMatch(linkRule, href, classes, ids) }) if(!hasMatch) { return } const url = "https://thesheryar.com/wp-content/plugins/independent-analytics/iawp-click-endpoint.php"; const body = { href: href, classes: classes.join(' '), ids: ids.join(' '), ...{"payload":{"resource":"singular","singular_id":2560,"page":1},"signature":"05e2bbfa6f9404197563c134eedebf27"} }; sendRequest(url, body) } let hasSearched = false; function search() { if(hasSearched) { return; } hasSearched = true; if (document.hasOwnProperty("visibilityState") && document.visibilityState === "prerender") { return; } if (navigator.webdriver || /bot|crawler|spider|crawling|semrushbot|chrome-lighthouse/i.test(navigator.userAgent)) { return; } let referrer_url = null; if (typeof document.referrer === 'string' && document.referrer.length > 0) { referrer_url = document.referrer; } const params = location.search.slice(1).split('&').reduce((acc, s) => { const [k, v] = s.split('='); return Object.assign(acc, {[k]: v}); }, {}); const url = "https://thesheryar.com/wp-json/iawp/search"; const body = { referrer_url, utm_source: params.utm_source, utm_medium: params.utm_medium, utm_campaign: params.utm_campaign, utm_term: params.utm_term, utm_content: params.utm_content, gclid: params.gclid, ...{"payload":{"resource":"singular","singular_id":2560,"page":1},"signature":"05e2bbfa6f9404197563c134eedebf27"} }; sendRequest(url, body) } document.addEventListener('mousedown', function (event) { if (navigator.webdriver || /bot|crawler|spider|crawling|semrushbot|chrome-lighthouse/i.test(navigator.userAgent)) { return; } const element = event.target.closest('a') if(!element) { return } const isPro = false if(!isPro) { return } // Don't track left clicks with this event. The click event is used for that. if(event.button === 0) { return } track(element) }) document.addEventListener('click', function (event) { if (navigator.webdriver || /bot|crawler|spider|crawling|semrushbot|chrome-lighthouse/i.test(navigator.userAgent)) { return; } const element = event.target.closest('a, button, input[type="submit"], input[type="button"]') if(!element) { return } const isPro = false if(!isPro) { return } track(element) }) document.addEventListener('play', function (event) { if (navigator.webdriver || /bot|crawler|spider|crawling|semrushbot|chrome-lighthouse/i.test(navigator.userAgent)) { return; } const element = event.target.closest('audio, video') if(!element) { return } const isPro = false if(!isPro) { return } track(element) }, true) document.addEventListener("DOMContentLoaded", function (e) { search(); }); document.addEventListener("iawpSearch", function (e) { search(); }); })(); </script> <script src="https://thesheryar.com/wp-content/themes/hello-elementor/assets/js/hello-frontend.js?ver=3.4.7" id="hello-theme-frontend-js"></script> <script src="https://thesheryar.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=4.0.8" id="elementor-webpack-runtime-js"></script> <script src="https://thesheryar.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=4.0.8" id="elementor-frontend-modules-js"></script> <script src="https://thesheryar.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.3" id="jquery-ui-core-js"></script> <script id="elementor-frontend-js-before"> var elementorFrontendConfig = {"environmentMode":{"edit":false,"wpPreview":false,"isScriptDebug":false},"i18n":{"shareOnFacebook":"Share on Facebook","shareOnTwitter":"Share on Twitter","pinIt":"Pin it","download":"Download","downloadImage":"Download image","fullscreen":"Fullscreen","zoom":"Zoom","share":"Share","playVideo":"Play Video","previous":"Previous","next":"Next","close":"Close","a11yCarouselPrevSlideMessage":"Previous slide","a11yCarouselNextSlideMessage":"Next slide","a11yCarouselFirstSlideMessage":"This is the first slide","a11yCarouselLastSlideMessage":"This is the last slide","a11yCarouselPaginationBulletMessage":"Go to slide"},"is_rtl":false,"breakpoints":{"xs":0,"sm":480,"md":768,"lg":1025,"xl":1440,"xxl":1600},"responsive":{"breakpoints":{"mobile":{"label":"Mobile Portrait","value":767,"default_value":767,"direction":"max","is_enabled":true},"mobile_extra":{"label":"Mobile Landscape","value":880,"default_value":880,"direction":"max","is_enabled":true},"tablet":{"label":"Tablet Portrait","value":1024,"default_value":1024,"direction":"max","is_enabled":true},"tablet_extra":{"label":"Tablet Landscape","value":1200,"default_value":1200,"direction":"max","is_enabled":true},"laptop":{"label":"Laptop","value":1366,"default_value":1366,"direction":"max","is_enabled":true},"widescreen":{"label":"Widescreen","value":2400,"default_value":2400,"direction":"min","is_enabled":true}},"hasCustomBreakpoints":true},"version":"4.0.8","is_static":false,"experimentalFeatures":{"e_font_icon_svg":true,"additional_custom_breakpoints":true,"container":true,"e_optimized_markup":true,"theme_builder_v2":true,"hello-theme-header-footer":true,"nested-elements":true,"global_classes_should_enforce_capabilities":true,"e_variables":true,"e_opt_in_v4_page":true,"e_components":true,"e_interactions":true,"e_widget_creation":true,"import-export-customization":true,"e_pro_atomic_form":true,"e_pro_variables":true,"e_pro_interactions":true},"urls":{"assets":"https:\/\/thesheryar.com\/wp-content\/plugins\/elementor\/assets\/","ajaxurl":"https:\/\/thesheryar.com\/wp-admin\/admin-ajax.php","uploadUrl":"https:\/\/thesheryar.com\/wp-content\/uploads"},"nonces":{"floatingButtonsClickTracking":"04a3b45e29","atomicFormsSendForm":"d11541ecda"},"swiperClass":"swiper","settings":{"page":[],"editorPreferences":[]},"kit":{"body_background_background":"classic","active_breakpoints":["viewport_mobile","viewport_mobile_extra","viewport_tablet","viewport_tablet_extra","viewport_laptop","viewport_widescreen"],"global_image_lightbox":"yes","lightbox_enable_counter":"yes","lightbox_enable_fullscreen":"yes","lightbox_enable_zoom":"yes","lightbox_enable_share":"yes","lightbox_title_src":"title","lightbox_description_src":"description","hello_header_logo_type":"logo","hello_header_menu_layout":"horizontal","hello_footer_logo_type":"logo"},"post":{"id":2560,"title":"How%20to%20implement%20a%20Content%20Security%20Policy%20%28CSP%29%20in%20WordPress%20without%20breaking%20plugins%3F%20-%20TheSheryar","excerpt":"","featuredImage":false}}; //# sourceURL=elementor-frontend-js-before </script> <script src="https://thesheryar.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=4.0.8" id="elementor-frontend-js"></script> <script src="https://thesheryar.com/wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery.smartmenus.min.js?ver=1.2.1" id="smartmenus-js"></script> <script src="https://thesheryar.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=4.0.4" id="e-sticky-js"></script> <script src="https://thesheryar.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=4.0.4" id="elementor-pro-webpack-runtime-js"></script> <script src="https://thesheryar.com/wp-includes/js/dist/hooks.min.js?ver=dd5603f07f9220ed27f1" id="wp-hooks-js"></script> <script src="https://thesheryar.com/wp-includes/js/dist/i18n.min.js?ver=c26c3dc7bed366793375" id="wp-i18n-js"></script> <script id="wp-i18n-js-after"> wp.i18n.setLocaleData( { 'text direction\u0004ltr': [ 'ltr' ] } ); //# sourceURL=wp-i18n-js-after </script> <script id="elementor-pro-frontend-js-before"> var ElementorProFrontendConfig = {"ajaxurl":"https:\/\/thesheryar.com\/wp-admin\/admin-ajax.php","nonce":"ce9597bf31","urls":{"assets":"https:\/\/thesheryar.com\/wp-content\/plugins\/elementor-pro\/assets\/","rest":"https:\/\/thesheryar.com\/wp-json\/"},"settings":{"lazy_load_background_images":false},"popup":{"hasPopUps":false},"shareButtonsNetworks":{"facebook":{"title":"Facebook","has_counter":true},"twitter":{"title":"Twitter"},"linkedin":{"title":"LinkedIn","has_counter":true},"pinterest":{"title":"Pinterest","has_counter":true},"reddit":{"title":"Reddit","has_counter":true},"vk":{"title":"VK","has_counter":true},"odnoklassniki":{"title":"OK","has_counter":true},"tumblr":{"title":"Tumblr"},"digg":{"title":"Digg"},"skype":{"title":"Skype"},"stumbleupon":{"title":"StumbleUpon","has_counter":true},"mix":{"title":"Mix"},"telegram":{"title":"Telegram"},"pocket":{"title":"Pocket","has_counter":true},"xing":{"title":"XING","has_counter":true},"whatsapp":{"title":"WhatsApp"},"email":{"title":"Email"},"print":{"title":"Print"},"x-twitter":{"title":"X"},"threads":{"title":"Threads"}},"facebook_sdk":{"lang":"en_US","app_id":""},"lottie":{"defaultAnimationUrl":"https:\/\/thesheryar.com\/wp-content\/plugins\/elementor-pro\/modules\/lottie\/assets\/animations\/default.json"}}; //# sourceURL=elementor-pro-frontend-js-before </script> <script src="https://thesheryar.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=4.0.4" id="elementor-pro-frontend-js"></script> <script src="https://thesheryar.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=4.0.4" id="pro-elements-handlers-js"></script> <script id="wp-emoji-settings" type="application/json"> {"baseUrl":"https://s.w.org/images/core/emoji/17.0.2/72x72/","ext":".png","svgUrl":"https://s.w.org/images/core/emoji/17.0.2/svg/","svgExt":".svg","source":{"concatemoji":"https://thesheryar.com/wp-includes/js/wp-emoji-release.min.js?ver=6.9.4"}} </script> <script type="module"> /*! This file is auto-generated */ const a=JSON.parse(document.getElementById("wp-emoji-settings").textContent),o=(window._wpemojiSettings=a,"wpEmojiSettingsSupports"),s=["flag","emoji"];function i(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function c(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data);e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0);const a=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data);return t.every((e,t)=>e===a[t])}function p(e,t){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var n=e.getImageData(16,16,1,1);for(let e=0;e<n.data.length;e++)if(0!==n.data[e])return!1;return!0}function u(e,t,n,a){switch(t){case"flag":return n(e,"\ud83c\udff3\ufe0f\u200d\u26a7\ufe0f","\ud83c\udff3\ufe0f\u200b\u26a7\ufe0f")?!1:!n(e,"\ud83c\udde8\ud83c\uddf6","\ud83c\udde8\u200b\ud83c\uddf6")&&!n(e,"\ud83c\udff4\udb40\udc67\udb40\udc62\udb40\udc65\udb40\udc6e\udb40\udc67\udb40\udc7f","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!a(e,"\ud83e\u1fac8")}return!1}function f(e,t,n,a){let r;const o=(r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):document.createElement("canvas")).getContext("2d",{willReadFrequently:!0}),s=(o.textBaseline="top",o.font="600 32px Arial",{});return e.forEach(e=>{s[e]=t(o,e,n,a)}),s}function r(e){var t=document.createElement("script");t.src=e,t.defer=!0,document.head.appendChild(t)}a.supports={everything:!0,everythingExceptFlag:!0},new Promise(t=>{let n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){}return null}();if(!n){if("undefined"!=typeof Worker&&"undefined"!=typeof OffscreenCanvas&&"undefined"!=typeof URL&&URL.createObjectURL&&"undefined"!=typeof Blob)try{var e="postMessage("+f.toString()+"("+[JSON.stringify(s),u.toString(),c.toString(),p.toString()].join(",")+"));",a=new Blob([e],{type:"text/javascript"});const r=new Worker(URL.createObjectURL(a),{name:"wpTestEmojiSupports"});return void(r.onmessage=e=>{i(n=e.data),r.terminate(),t(n)})}catch(e){}i(n=f(s,u,c,p))}t(n)}).then(e=>{for(const n in e)a.supports[n]=e[n],a.supports.everything=a.supports.everything&&a.supports[n],"flag"!==n&&(a.supports.everythingExceptFlag=a.supports.everythingExceptFlag&&a.supports[n]);var t;a.supports.everythingExceptFlag=a.supports.everythingExceptFlag&&!a.supports.flag,a.supports.everything||((t=a.source||{}).concatemoji?r(t.concatemoji):t.wpemoji&&t.twemoji&&(r(t.twemoji),r(t.wpemoji)))}); //# sourceURL=https://thesheryar.com/wp-includes/js/wp-emoji-loader.min.js </script> </body> </html>