[Support request] security headers

Home Forums Support security headers

  • This topic has 1 reply, 2 voices, and was last updated 11 months ago by Leo.
Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #1039279
    Klaus

    Hello, I have found a nice snippet to include security headers:

    add_action(‘send_headers’, function(){
    // Enforce the use of HTTPS
    header(“Strict-Transport-Security: max-age=31536000; includeSubDomains”);
    // Prevent Clickjacking
    header(“X-Frame-Options: SAMEORIGIN”);
    // Prevent XSS Attack
    header(“Content-Security-Policy: default-src ‘self’;”); // FF 23+ Chrome 25+ Safari 7+ Opera 19+
    header(“X-Content-Security-Policy: default-src ‘self’;”); // IE 10+
    // Block Access If XSS Attack Is Suspected
    header(“X-XSS-Protection: 1; mode=block”);
    // Prevent MIME-Type Sniffing
    header(“X-Content-Type-Options: nosniff”);
    // Referrer Policy
    header(“Referrer-Policy: no-referrer-when-downgrade”);
    }, 1);

    I can test my site on securityheaders.com. My problem: this one breaks the site:

    // Prevent XSS Attack
    header(“Content-Security-Policy: default-src ‘self’;”); // FF 23+ Chrome 25+ Safari 7+ Opera 19+
    header(“X-Content-Security-Policy: default-src ‘self’;”); // IE 10+

    Do you have a solution? Regards Klaus

    #1039286
    Leo
    Staff
    Customer Support

    Hi there,

    Not sure if I understand. This doesn’t sound like it’s related to GP.

    Have you checked with whoever provided the code?

Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.