Security Headers for WordPress -


i'm testing out security headers , got following setup currently:

# security headers <ifmodule mod_headers.c> header set content-security-policy: "default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src https: data:;" header set x-frame-options "sameorigin" header set x-xss-protection "1; mode=block" header set referrer-policy: no-referrer-when-downgrade </ifmodule> 

with hsts , nosniff headers applied in cloudflare.

any suggestion improved changed upon? , know how configure public-key-pins flexible cloudflare ssl certificate?

thanks further information in advance!


Comments

Popular posts from this blog

php - Vagrant up error - Uncaught Reflection Exception: Class DOMDocument does not exist -

vue.js - Create hooks for automated testing -

Add new key value to json node in java -