• Dear Sir,

    Thanks a lot for this plugin, it seems to take care of many different important security issues.

    I am running Dareboost analysis and it points out a number of issues (as below) that should be solved by now by this plugin. I am not sure if there is a mistake on my part or it is the analysis that is wrong.

    1. It says the Content Security Policy is missing. On the plugin I have “block mixed content”; sandbox “not set” – when I set something different my site does not load; require-sri-for – “scripts and stylesheet” – I save this setting but when I come back it shows “not set”, not sure if it is saving right.

    2. This page is exposed to “clickjacking” type attacks. On the plugin I choose “deny” on X-Frame-Options.

    3. Block access to the entire page when an XSS attack is suspected. On the plugin I choose 1; mode=block on X-XSS-Protection.

    4. Disable the auto detection of resource type. On the plugin I have “nosniff” on X-Content-Type-Options.

    Thanks a lot!

    • This topic was modified 6 years, 10 months ago by netojose.


Viewing 1 replies (of 1 total)
  • Plugin Author Dylan

    (@dyland)

    A lot of the X- options are not necessarily enforced – the X stands for experimental, non-standard, and it’s up to the browser to decide what it wants to do with the setting.

    Require-SRI is a brand new setting I haven’t used much yet. I have to be careful I don’t break clients’ sites.

    If you start your browser’s developer console (usually F12) it should show you the issues it’s blocking – you probably have some mixed content that isn’t obvious, perhaps an included script is causing issues.

  • The topic ‘Dareboost issues’ is closed to new replies.
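
Added example, not part of the original thread or the plugin's code: one way to tell whether the scanner or the site is at fault is to audit the response head the server actually sends against the four findings in the question. The sample response is constructed and assumes what the described settings would emit; the function names are hypothetical.

```python
from email.parser import Parser

# Constructed sample: a response head carrying the settings named in the question.
SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: block-all-mixed-content
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
"""

def parse_headers(raw):
    """Drop the status line and return the headers as a lowercase-keyed dict."""
    _, _, header_block = raw.partition("\n")
    msg = Parser().parsestr(header_block, headersonly=True)
    return {name.lower(): value.strip() for name, value in msg.items()}

def parse_csp(value):
    """Split a CSP header value into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored; the first occurrence wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit(raw):
    """Evaluate the four checks listed in the question against a response head."""
    h = parse_headers(raw)
    csp = parse_csp(h.get("content-security-policy", ""))
    xfo = h.get("x-frame-options", "").upper()
    xxp = [t.strip().lower() for t in h.get("x-xss-protection", "").split(";")]
    return {
        "csp_present": bool(csp),
        "csp_directives": sorted(csp),
        # Framing is restricted by X-Frame-Options or by CSP frame-ancestors.
        "clickjacking": xfo in ("DENY", "SAMEORIGIN") or "frame-ancestors" in csp,
        "xss_block": xxp[0] == "1" and "mode=block" in xxp,
        "nosniff": h.get("x-content-type-options", "").lower() == "nosniff",
    }

if __name__ == "__main__":
    for check, result in audit(SAMPLE_RESPONSE).items():
        print(f"{check}: {result}")
```

To audit a real page, pass `audit()` the response head copied from the browser's Network tab or from `curl -I`; a header that is set in the plugin but missing there points to something between the plugin and the client, such as a cached copy of the page.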