Support » Plugin: Security Headers » Excellent

  • Works really well! Tested with [link removed]

    For the future releases it would be good to include Content-Security-Policy and the forthcoming Expect-CT options.

    • This topic was modified 2 years, 2 months ago by  bdbrown. Reason: Links not permitted in reviews
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author SimonRWaters

    (@simonrwaters)

    Thanks for the feedback.

    There are a couple of newer security headers I will look to support.

    I have abandoned any reasonable expectation of supporting Content-Security-Policy in WordPress sensibly.

    The problem with CSP is you want to provide it in the admin interface, as that is where the XSS issues that matter most, and it varies with each plugin used.

    That’s great! Looking forwards to that.

    With regards to SCP, would it be possible to have it in a form of an ‘advanced’ field, perhaps? For now, I am utilising .htaccess to add this header, but it would certainly be easier to have everything in one place. Although, I agree that SCP is a tricky subject, and requires from the admin some extra care.

    Cheers

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Excellent’ is closed to new replies.