Great plugin first of all!
i used 2 security header test tool and in one i got a A+ and with Serpworx, i got 77, there 2 that failed to pass the test:
1- X Permitted Cross Domain Policies
2- Feature Policy
The tool suggested me to add these codes:
For point 1:
Header set X-Permitted-Cross-Domain-Policies “none”
For point 2:
Header set Feature-Policy “camera ‘none’; fullscreen ‘self’; geolocation *; microphone ‘self’ https://www.example/*”
I could add them in the htaccess, but it would be better to add them with the plugin and not touch code, especially for non-developers.
- You must be logged in to reply to this topic.