Thanks for the feedback.
There are a couple of newer security headers I will look to support.
I have abandoned any reasonable expectation of supporting Content-Security-Policy in WordPress sensibly.
The problem with CSP is you want to provide it in the admin interface, as that is where the XSS issues that matter most, and it varies with each plugin used.
Thread Starter
bozon
(@bozon)
That’s great! Looking forwards to that.
With regards to SCP, would it be possible to have it in a form of an ‘advanced’ field, perhaps? For now, I am utilising .htaccess to add this header, but it would certainly be easier to have everything in one place. Although, I agree that SCP is a tricky subject, and requires from the admin some extra care.
Cheers