Support » Plugin: Headers Security Advanced & HSTS WP » Failed 2 security header tests

  • Resolved alex.alp

    (@alexalp)


    Hello,
    Great plugin first of all!

    i used 2 security header test tool and in one i got a A+ and with Serpworx, i got 77, there 2 that failed to pass the test:
    1- X Permitted Cross Domain Policies
    2- Feature Policy

    The tool suggested me to add these codes:
    For point 1:
    <IfModule mod_headers.c>
    Header set X-Permitted-Cross-Domain-Policies “none”

    <IfModule mod_headers.c>

    For point 2:
    <IfModule mod_headers.c>
    Header set Feature-Policy “camera ‘none’; fullscreen ‘self’; geolocation *; microphone ‘self’ https://www.example/*&#8221;

    <IfModule mod_headers.c>

    I could add them in the htaccess, but it would be better to add them with the plugin and not touch code, especially for non-developers.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Andrea

    (@unicorn03)

    Hi @alexalp, we are happy that you are using Headers Security Advanced & HSTS WP plugin.

    I’m here to help in the best possible way I learned about your issue and by the end of the week there will be an update with some optimization and feedback.

    I’m going to start some testing now and I’ll write back to you as soon as I finish two tests.

    Thanks and I hope you like the support

    Plugin Author Andrea

    (@unicorn03)

    Hi @alexalp, thanks again for your feedback we have come to the time to code and verify the issue you were experiencing in the previous ticket.

    After some verifications I can confirm that tomorrow we will release the Headers Security Advanced & HSTS WP update with version 4.8.88. The update implements some coding optimizations and some new headers.

    The issue that Serpworx reports to you in this case “Feature-Policy” is a deprecated and renamed “permissions-policy” header.
    We care a lot about the reports, though, so it was decided that version 4.8.88 was optimized with the Serpworx tool.

    We thank you again for your helpfulness, if you have the time a review would be nice.

    thanks

    Thread Starter alex.alp

    (@alexalp)

    hello Andrea,
    I just updated the plugin with the latest version (4.8.89) and the
    X Permitted Cross Domain Policies issue is finally fixed now, thank you so much! I really appreciate you looked into this.

    The tool still points out the Feature Policy issue, but for what you said, i should just ignore it, shouldn’t i?

    Plugin Author Andrea

    (@unicorn03)

    Hi @alexalp, thank you for the feedback, you are welcome and I am happy to help you with any information or issues.

    the feature-policy feature is deprecated and renamed however if you want you can email us with the link so we can test with serpworx

    We are also available at the following email address:
    support@tentacleplugins[dot]com

    best regards

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.