Replies: 0
CF7 currently uses inline scripts at the bottom of the page to store global settings variables (wpcf7 and wpcf7cf_global_settings).
I would like to disable inline javascript with Content Security Policy headers, but this would break CF7. There’s no reason why these couldn’t be stored in an external file and loaded, or even stored in JSON as <script type=”text/json”> nodes instead and loaded after page load.