effsasfse

Absolutely fantastic answers yorman! Thank you for the quick and very detailed reply! That security headers site sure helps a lot and lets me know that yes, I did set things up right. However, I got a “C” as a rating for my site. Then it suggested the following in order to get an A:

Strict-Transport-Security HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS. Recommended value “strict-transport-security: max-age=31536000; includeSubDomains”.

Content-Security-Policy Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets.

Referrer-Policy Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites.

Feature-Policy Feature Policy is a new header that allows a site to control which features and APIs can be used in the browser.

Guess my final questions are, are you guys looking to add these into your plugin (for checking/how to’s) like you did with the others?

Last question, I know some plugins mess with the .htaccess file, but yours we have to do it manually. This is a problem for me as a web designer with quite a few sites that I now have to manually alter the .htaccess file on all of them to tighten up security. Will your plugin even have a button that can inject the code automatically? That would be VERY nice.

Thank you again!!