Carl
Forum Replies Created
-
Hello,
Could you confirm have selected the “Force XSS protection” option?
Regards,
CarlForum: Plugins
In reply to: [HTTP headers to improve web site security] PHP / .htaccessSome cache plugins completely rewrite the http headers, you may have to rewrite manually your .htaccess file with the contents of the .htaccess tab.
Carl
Forum: Plugins
In reply to: [HTTP headers to improve web site security] Page builderDoes the console or the error.log mention some conflict? You need to give extra care if you activate the CSP options as this can prevent the loading of external resources.
Carl
This is probably due to a plug-in or a theme that directly write the headers. The plug-in addresses this within the .htaccess tab in the settings. It provides you with the content to write into your .htaccess file and provides an option “Disable header rewriting”.
This should address your issue.
Carl
Forum: Reviews
In reply to: [HTTP headers to improve web site security] This seems to be what i needHi,
The “right configuration” depends on your needs or goals. This said, you can test your site with securityheaders.com.
Carl
Forum: Plugins
In reply to: [Creator Five] Variation display bugWe need to check what that implies.
Forum: Plugins
In reply to: [Creator Five] Variation display bugI think I understand the issue. Currently, prints can not be managed as variable products.
Forum: Plugins
In reply to: [Creator Five] Variation display bugCan you send me a link to the product page that loads Creator Five?
Carm
Forum: Plugins
In reply to: [HTTP headers to improve web site security] Custom CSP for wp-adminHi Johannes and thanks for your feedback,
I’ve added support for multiple content security policies on the development list. This said, adding additional policies can only further restrict the capabilities of the protected resource.
Regards,
CarlHI,
In fact they are sent in the HTTP headers (before the HTML content of a page). The .htaccess content is provided in case of conflict with cache plug-ins.
Regards,
CarlForum: Plugins
In reply to: [HTTP headers to improve web site security] Feature-Policy: missing featuresHi Sebastian,
Thanks for the suggestion. The first version implemented the list under the Directives header. The remaining features will be integrated soon.
Carl
Forum: Plugins
In reply to: [HTTP headers to improve web site security] Page Speed Ninja Erasing HeadersHello, thanks for your nice comments on the plug-in.
Yes, unfortunately as mentionned in other threads, there is not much to do with plug-ins that remove the headers. This said, the plug-in now genetares the content that you can add to your .htaccess. It is not complete by now but it is the only workaround solution.
Carl
Forum: Plugins
In reply to: [Polylang] Privacy Policy ManagementThanks, it works fine. In fact, I was suspicious because there is no added mention of “Privacy Policy Page” in the administration of the pages.
Forum: Plugins
In reply to: [Progressive WordPress (PWA)] manifest.json in sub folderGorgeous!
Forum: Plugins
In reply to: [Progressive WordPress (PWA)] manifest.json in sub folderHi Nico,
I found this advice in numerous security related blogs some time ago and it has become my habit… Probably because it becomes unreadable from HTTP requests.
Carl