Security Headers for WordPress
I'm testing out security headers and have got the following setup currently:
# Security headers
<IfModule mod_headers.c>
    Header set Content-Security-Policy: "default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src https: data:;"
    Header set X-Frame-Options "sameorigin"
    Header set X-XSS-Protection "1; mode=block"
    Header set Referrer-Policy: no-referrer-when-downgrade
</IfModule>
with HSTS and nosniff headers applied in Cloudflare.
Any suggestions on what could be improved or changed? Also, does anyone know how to configure Public-Key-Pins for a Flexible Cloudflare SSL certificate?
Thanks in advance for any further information!
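
Added example, not part of the original post: a small Python check that parses the posted `Header set` lines and lists what the Content-Security-Policy allows for scripts, using the rule that `script-src` falls back to `default-src`. The function names and finding strings are made up for this example.

```python
import shlex

# The configuration from the post, reproduced as sample input.
POSTED_CONFIG = """
<IfModule mod_headers.c>
Header set Content-Security-Policy: "default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src https: data:;"
Header set X-Frame-Options "sameorigin"
Header set X-XSS-Protection "1; mode=block"
Header set Referrer-Policy: no-referrer-when-downgrade
</IfModule>
"""

def parse_headers(config):
    """Return {lowercased header name: value} for each 'Header set' line."""
    headers = {}
    for line in config.splitlines():
        parts = shlex.split(line.strip())
        if len(parts) >= 4 and [p.lower() for p in parts[:2]] == ["header", "set"]:
            # mod_headers accepts an optional trailing colon on the name.
            headers[parts[2].rstrip(":").lower()] = parts[3]
    return headers

def parse_csp(value):
    """Split a CSP value into {directive: [source expressions]}."""
    policy = {}
    for chunk in value.split(";"):
        tokens = chunk.split()
        if tokens:
            # A repeated directive is ignored; the first occurrence wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit(config):
    """List findings about script sources and framing control."""
    headers = parse_headers(config)
    policy = parse_csp(headers.get("content-security-policy", ""))
    findings = []
    # script-src falls back to default-src when it is not set.
    script_sources = policy.get("script-src", policy.get("default-src", []))
    for keyword in ("'unsafe-inline'", "'unsafe-eval'"):
        if keyword in script_sources:
            findings.append(f"scripts: {keyword} allowed")
    if any(s in ("https:", "http:", "*") for s in script_sources):
        findings.append("scripts: any host allowed by scheme or wildcard source")
    if "frame-ancestors" not in policy and "x-frame-options" not in headers:
        findings.append("no framing control")
    return findings

if __name__ == "__main__":
    for finding in audit(POSTED_CONFIG):
        print(finding)
```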