HTTP Headers Security Analyses/ Website CMS/ Expect CT

  • Bonjour Carl,

    I also send you a Facebook message.
    You are working on nice things and I see we have many same interest,
    like Audio, Music, Synthesizers and Sounds.

    I really like your HTTP Headers plug-in.
    Bravo !

    I have a question how I can set the HTTP Headers Security Analyses for the following (missing) optional HTTP Headers (if possible in your app):
    – Access-Control-Allow-Origin
    – Public-Key-Pins
    – Public-Key-Pins-Report-Only

    Do you have some tips?

    My second question is about the PCI DSS Compliance Analyses.
    I got the message:
    Requirement 6.2: Website CMS or it’s component seem to be outdated.
    But requirements 6.5 and 6.6 are both excellent.
    Do you know what is going on?

    Both questions can be seen with the website tester:
    https://www.immuniweb.com/websec

    Last question is about the Expect CT.
    I set it to: Enforce with max-age=2592000
    That is recommended in your app.
    But immuniweb things this header is not properly set.
    What do you think?

    Thanks in advantage and best regards from The Netherlands,

    Danny Rorije

    The page I need help with: [log in to see the link]

  • The topic ‘HTTP Headers Security Analyses/ Website CMS/ Expect CT’ is closed to new replies.