Title: Dareboost issues Last modified: January 24, 2018 --- # Dareboost issues * [netojose](https://wordpress.org/support/users/netojose/) * (@netojose) * [8 years, 4 months ago](https://wordpress.org/support/topic/dareboost-issues/) * Dear Sir, * Thanks a lot for this plugin, it seems to take care of many different important security issues. * I am running Dareboost analysis and it points a number of issues (as bellow) that should be solved by now by this plugin. I am not sure if there is a mistake on my part or it is the analysis that is wrong. * 1. It says the The Content Security Policy is missing. On the plugin I have “ block mixed content”; sandbox “not set” – when I set something different my site does not load; require-sri-for – “scripts and stylesheet” – I save this setting but when I come back it shows “not set”, not sure if it is saving right. * 2. This page is exposed to “clickjacking” type attacks. On the plugin I choose“ deny” on X-Frame-Options. * 3. Block access to the entire page when an XSS attack is suspected. On the plugin I choose 1; mode=block on X-XSS-Protection. * 4. Disable the auto detection of resource type. On the plugin I have “nosniff” on X-Content-Type-Options. * Thanks a lot! - This topic was modified 8 years, 4 months ago by [netojose](https://wordpress.org/support/users/netojose/). - This topic was modified 8 years, 4 months ago by [netojose](https://wordpress.org/support/users/netojose/). - This topic was modified 8 years, 4 months ago by [netojose](https://wordpress.org/support/users/netojose/). * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fdareboost-issues%2F%3Foutput_format%3Dmd&locale=en_US) to see the link]_ Viewing 1 replies (of 1 total) * Plugin Author [Dylan](https://wordpress.org/support/users/dyland/) * (@dyland) * [8 years, 4 months ago](https://wordpress.org/support/topic/dareboost-issues/#post-9918898) * A lot of the X- options are not necessarily enforced – the X stands for experimental, non-standard, and it’s up to the browser to decide what it wants to do with the setting. * Require-SRI is a brand new setting I haven’t used much yet. I have to be careful I don’t break clients’ site. * If you start your browser’s developer console (usually F12) it should show you the issues its blocking – you probably have some mixed content that isn’t obvious, perhaps an included script is causing issues. Viewing 1 replies (of 1 total) The topic ‘Dareboost issues’ is closed to new replies. * ![](https://s.w.org/plugins/geopattern-icon/wp-content-security-policy_ffffff. svg) * [WP Content Security Plugin](https://wordpress.org/plugins/wp-content-security-policy/) * [Frequently Asked Questions](https://wordpress.org/plugins/wp-content-security-policy/#faq) * [Support Threads](https://wordpress.org/support/plugin/wp-content-security-policy/) * [Active Topics](https://wordpress.org/support/plugin/wp-content-security-policy/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wp-content-security-policy/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wp-content-security-policy/reviews/) * 1 reply * 2 participants * Last reply from: [Dylan](https://wordpress.org/support/users/dyland/) * Last activity: [8 years, 4 months ago](https://wordpress.org/support/topic/dareboost-issues/#post-9918898) * Status: not resolved