X-XSS Protection Header and more
Hey,
A friend said to me that in my WordPress installation the following security issues should be fixed. With Ninja enabled, of course.
He said:
– X-XSS Protection Header Missing. Add Response-Header: X-XSS-Protection: 1; mode=block
– Add Content Security Policy.
Maybe as Response-Header: Content-Security-Policy: script-src 'self';
or as Meta-Tag in Index: <meta http-equiv="Content-Security-Policy" content="script-src 'self';">
– SRI is missing!
https://fonts.googleapis.com/css?family=Roboto:100,300
https://maxcdn.bootstrapcdn.com/boot…tstrap.min.css
https://ajax.googleapis.com/ajax/lib…/jquery.min.js
Possible solution:
<script src="https://code.jquery.com/jquery-2.1.4.min.js" integrity="sha384-R4/ztc4ZlRqWjqIuvf6RX5yb/v90qNGx6fS48N0tRxiGkqveZETq72KgDVJCp2TC" crossorigin="anonymous"></script>
– SameSite Cookie is missing:
Possible solution:
Set-Cookie: key=value; SameSite=strict
How can I do this?
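
An added example, not part of the original post: a Python check that audits a response for the four items listed above (X-XSS-Protection, Content-Security-Policy, SRI on external assets, SameSite on cookies) and computes the value for an integrity attribute. The sample headers, the sample HTML, the `cdn.example` host and the function names are constructed for illustration; any absolute URL is treated as external.

```python
import base64, hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

def sri_hash(body: bytes) -> str:
    """Value for an integrity="" attribute: sha384 digest, base64-encoded."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()

class _Assets(HTMLParser):
    """Collects external scripts/stylesheets without SRI and any CSP <meta> tag."""
    def __init__(self):
        super().__init__()
        self.no_sri, self.meta_csp = [], False
    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "content-security-policy":
            self.meta_csp = True
        url = a.get("src") if tag == "script" else (
            a.get("href") if tag == "link" and "stylesheet" in a.get("rel", "").lower() else None)
        # Assumption: a URL with a host part is an external asset that needs SRI.
        if url and urlparse(url).netloc and "integrity" not in a:
            self.no_sri.append(url)

def audit(headers, html):
    """headers: list of (name, value) pairs; html: page source. Returns findings."""
    findings, parser = [], _Assets()
    parser.feed(html)
    get = lambda n: [v for k, v in headers if k.lower() == n]
    if not get("x-xss-protection"):
        findings.append("X-XSS-Protection header missing")
    if not get("content-security-policy") and not parser.meta_csp:
        findings.append("Content-Security-Policy missing")
    findings += [f"no SRI: {u}" for u in parser.no_sri]
    for cookie in get("set-cookie"):
        attrs = [p.strip().lower() for p in cookie.split(";")[1:]]
        if not any(p.startswith("samesite=") for p in attrs):
            findings.append(f"no SameSite: {cookie.split('=')[0]}")
    return findings

# Constructed sample response (not taken from a real site).
SAMPLE_HEADERS = [("Content-Type", "text/html"),
                  ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
                  ("Set-Cookie", "pref=dark; SameSite=Strict")]
SAMPLE_HTML = """<link rel="stylesheet" href="https://cdn.example/app.css">
<script src="https://cdn.example/lib.js" integrity="sha384-placeholder"></script>
<script src="/local.js"></script>"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_HEADERS, SAMPLE_HTML)))
```
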