CSP header suggestions

  • nlchris

    (@nlchris)


    3 years, 3 months ago

    Love the plugin. Got a suggestion though. The default content-security-header is by default:

    content-security-policy: report-uri <<site_url>>

    It must at least additionally have:

    default-src, frame-src, frame-ancestors

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Andrea Ferro

    (@unicorn03)

    3 years, 3 months ago

    Hi @nlchris, thanks for using the Headers Security Advanced & HSTS WP plugin and for the beautiful words.

    I confirm you that I am currently working on the translations of the plugin that will come out with the next version and I already have plans in the short term to implement the customization of the segeunti values (default-src, frame-src, frame-ancestors).

    I will update you as soon as possible as soon as I release the next version, and please feel free to contact me for any information or help.

    Thread Starter nlchris

    (@nlchris)

    3 years, 3 months ago

    Hi Andrea! Thank you for your update! Much appreciated.
    And very curious about the next versions 🙂
    Last but not least: for implementing CSP, I mostly use the website https://en.internet.nl/ to test and help me out when implementing the most applicable secure headers. It might be interesting to visit; it is a free initiative from the Dutch government to help website to become “as secure” as possible, covering secure headers as well.

    For example:
    https://en.internet.nl/site/tentacleplugins.com/

    • This reply was modified 3 years, 3 months ago by nlchris.
Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘CSP header suggestions’ is closed to new replies.