[Support request] security headers

  • #1039279
    Klaus

    Hello, I have found a nice snippet to include security headers:

    add_action('send_headers', function(){
        // Enforce the use of HTTPS
        header("Strict-Transport-Security: max-age=31536000; includeSubDomains");
        // Prevent Clickjacking
        header("X-Frame-Options: SAMEORIGIN");
        // Prevent XSS Attack
        header("Content-Security-Policy: default-src 'self';"); // FF 23+ Chrome 25+ Safari 7+ Opera 19+
        header("X-Content-Security-Policy: default-src 'self';"); // IE 10+
        // Block Access If XSS Attack Is Suspected
        header("X-XSS-Protection: 1; mode=block");
        // Prevent MIME-Type Sniffing
        header("X-Content-Type-Options: nosniff");
        // Referrer Policy
        header("Referrer-Policy: no-referrer-when-downgrade");
    }, 1);

    I can test my site on securityheaders.com. My problem: this one breaks the site:

    // Prevent XSS Attack
    header("Content-Security-Policy: default-src 'self';"); // FF 23+ Chrome 25+ Safari 7+ Opera 19+
    header("X-Content-Security-Policy: default-src 'self';"); // IE 10+

    Do you have a solution? Regards Klaus

    #1039286
    Leo
    Staff
    Customer Support

    Hi there,

    Not sure if I understand. This doesn’t sound like it’s related to GP.

    Have you checked with whoever provided the code?
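
An added example, not part of the original thread or of the snippet's source: `default-src 'self'` makes the browser refuse every resource loaded from another origin and every inline script or style, so a page that relies on either loses them. This Python script lists what a saved page would lose under that policy and which directive covers each item; the page URL, hosts and HTML are constructed samples.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit
# tag -> (URL attribute, CSP directive that falls back to default-src)
LOADERS = {"script": ("src", "script-src"), "img": ("src", "img-src"),
           "iframe": ("src", "frame-src"), "link": ("href", "style-src")}
DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    p = urlsplit(url)
    return (p.scheme, p.hostname, p.port or DEFAULT_PORTS.get(p.scheme))

class SelfOnlyAudit(HTMLParser):
    """Lists what a browser enforcing `default-src 'self'` would refuse."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.blocked = page_url, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        attr, directive = LOADERS.get(tag, (None, None))
        url = attrs.get(attr)
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            url = None  # other link types are not checked here
        if url:
            full = urljoin(self.page_url, url)
            if origin(full) != origin(self.page_url):  # 'self': same scheme, host, port
                self.blocked.append((directive, full))
        elif tag in ("script", "style"):
            # Inline block (JSON-LD data blocks included): needs 'unsafe-inline', a nonce or a hash.
            self.blocked.append((tag + "-src", "inline <%s>" % tag))
        for name in attrs:
            if name.startswith("on"):
                self.blocked.append(("script-src", "inline %s handler on <%s>" % (name, tag)))
            elif name == "style":
                self.blocked.append(("style-src", "style attribute on <%s>" % tag))

def audit(html, page_url):
    parser = SelfOnlyAudit(page_url)
    parser.feed(html)
    return parser.blocked

# Constructed sample page; hosts and paths are placeholders.
SAMPLE = """<link rel="stylesheet" href="/wp-content/themes/example/style.css">
<link rel="stylesheet" href="https://fonts.example.net/css?family=Open+Sans">
<style>body{margin:0}</style><script src="/wp-includes/js/jquery/jquery.min.js"></script>
<script>var cfg = {};</script><img src="https://avatars.example.org/a.png">
<a href="#" onclick="toggle()">Menu</a>"""

if __name__ == "__main__":
    print(*audit(SAMPLE, "https://example.test/"), sep="\n")
```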
