• [Resolved] Plugin Author Andrea Ferro

    (@unicorn03)


    I am happy to introduce version 5.26 of the plugin, which offers two important new features to improve the security of your website.

    Now, you will be able to customize the Content-Security-Policy (CSP) Header rules to have more specific control over the resources allowed by browsers.

    But don’t worry if you’re not an expert! I’ve got you covered too: the plugin will automatically set up a standard rule, making it easy and safe to access protection against cross-site scripting (XSS) attacks.

    Are you experiencing problems with the plugin? Don’t worry, we are here to help you! If you encounter difficulties, we recommend following three simple steps for a quick fix.

    First, try deactivating the plugin and reactivating it: this is often enough to resolve any temporary conflicts. If the problem persists, try reinstalling the most recent version of the plugin to ensure that all fixes are applied. Finally, don’t forget to clear your website’s cache to ensure that changes are displayed correctly.

    By following these simple tips, you will be able to enjoy the full functionality of the plugin without a hitch!

    Andrea Ferro

    Check out all the new features of this version now and protect your website without stress!

Viewing 5 replies - 1 through 5 (of 5 total)
  • Good morning

    Thanks for this update. My site is A+ and I see no malfunction.

    I always have some errors with Google:

    Error with Permissions-Policy header: Parse of permissions policy failed because of errors reported by structured header parser.

    Missing script-src directive. It allows the execution of insecure scripts. script-src High

    The absence of object-src makes it possible to inject plugins that run insecure scripts. Consider setting object-src to “none” if you can. object-src High

    and also: Permissions-Policy : We detected an invalid directive, ” window-management()”.

    Can you give some examples to add or remove permissions with the new interface?

    THANKS

    • This reply was modified 1 year, 8 months ago by bjpbkk.
    Plugin Author Andrea Ferro

    (@unicorn03)

    Hi @bjpbkk, thank you for using the plugin and for the feedback; this allows me to optimize the plugin more and more and offer quick assistance to everyone.

    Sure! Here’s an explanation of how to add CSP rules using the two widely used and recommended tools for Firefox and Chrome:

    1. Content Security Policy Gen (Firefox):
      • Install the “Content Security Policy Gen” extension from this link in your Firefox browser.
      • After installation, visit the website for which you want to generate CSP rules.
      • Click on the extension icon in the browser toolbar to initiate the site scan.
      • The extension will scan the website and generate recommended CSP rules based on the resources present on the site.
      • Copy the generated CSP rules from the extension’s output.
    2. Content Security Policy Checker (Chrome):
      • Install the “Content Security Policy Checker” extension from this link in your Google Chrome browser.
      • Access the website for which you want to generate CSP rules.
      • Click on the extension icon in the browser toolbar to initiate the site scan.
      • The extension will scan the website and generate recommended CSP rules based on the resources present on the site.
      • Copy the generated CSP rules from the extension’s output.

    Once you have obtained the CSP rules from one of the tools, follow these steps to add them using the “Headers Security Advanced & HSTS WP” plugin:

    1. Access the Plugin Settings:
      • In your WordPress website, log in to the administration area and navigate to the installed plugins section.
      • Find and click on the “Headers Security Advanced & HSTS WP” plugin to access its settings.
    2. Configure the CSP Header:
      • Inside the plugin settings, look for the “CSP Header” option and click on it to open the CSP rules configuration section.
    3. Paste the CSP Rules:
      • In the CSP Header section, you’ll find a field where you can paste the CSP rules generated previously by the tool.
      • Paste the rules into the designated field, ensuring they are correctly formatted.
    4. Save the Changes:
      • After pasting the CSP rules, click on “Save” or “Update” to apply the changes.

    By using the recommended tools, you can generate specific CSP rules for your site, ensuring enhanced security and avoiding the implementation of unnecessary rules.

    At the core of my plugin’s mission: ‘Security is a right, not a privilege.’ Rest assured, the security solution is completely free and simple without complicated or endless configurations. Protect your website with security and ease.
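The scanner findings quoted in the first reply (missing script-src, missing object-src, a Permissions-Policy value rejected by the structured header parser) can be checked locally before a policy is pasted into the plugin's CSP Header field. The Python below is an added example, not part of the thread or of the plugin's code; the function names and sample header values are constructed, and the Permissions-Policy check covers only a simplified subset of structured-field syntax.

```python
import re

def parse_csp(value):
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored; the first occurrence wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit_csp(value):
    """Report the script-src / object-src gaps the scanner in the thread flagged."""
    policy = parse_csp(value)
    fallback = policy.get("default-src")  # both directives fall back to default-src
    findings = []
    if policy.get("script-src", fallback) is None:
        findings.append("script-src missing")
    objects = policy.get("object-src", fallback)
    if objects is None:
        findings.append("object-src missing")
    elif objects != ["'none'"]:
        findings.append("object-src not 'none'")
    return findings

# Simplified allowlist grammar: *, self, a quoted origin, or a (possibly empty)
# parenthesised list of those. Assumption: quoted origins contain no commas.
_ITEM = r'(?:\*|self|"[^"\\]*")'
_MEMBER = re.compile(
    rf'[a-z*][a-z0-9_.*-]*=(?:{_ITEM}|\( *(?:{_ITEM}(?: +{_ITEM})*)? *\))'
)

def audit_permissions_policy(value):
    """Return members that are not written as feature=allowlist.

    Only syntax is checked; whether a browser recognises the feature name is not.
    """
    return [m.strip() for m in value.split(",") if not _MEMBER.fullmatch(m.strip())]

if __name__ == "__main__":
    # Constructed sample values, not taken from any real site.
    print(audit_csp("upgrade-insecure-requests"))
    print(audit_csp("default-src 'self'; object-src 'none'"))
    print(audit_permissions_policy(
        'geolocation=(), camera=(self "https://example.com"), window-management()'
    ))
```
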

    Plugin Author Andrea Ferro

    (@unicorn03)

    I have released version 5.27 where it fixes a problem with the “window-management” value so you don’t see a non-conforming value.

    Hi

    Sorry but it does not solve this small problem.

    I always have : Permissions-Policy : We detected an invalid directive, ” window-management”.

    Version 5.0.27 and I clean my cache.

    A link with the test

    Thank you

    CSP test from https://observatory.mozilla.org/ has different output

  • The topic ‘Introducing Customizable CSP Header Rules in Version 5.26!’ is closed to new replies.