Missing Headers

charlas 2018-09-13 01:35:29 UTC #1

Keywords: WordPress + NGINX + SSL - Google Cloud Platform - How to - Other
Description:

Content-Security-Policy Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets.
X-XSS-Protection X-XSS-Protection sets the configuration for the cross-site scripting filter built into most browsers. Recommended value "X-XSS-Protection: 1; mode=block".
X-Content-Type-Options X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff".
Referrer-Policy Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites.
Feature-Policy Feature Policy is a new header that allows a site to control which features and APIs can be used in the browser.

https://securityheaders.com/?q=http%3A%2F%2Fwww.monyangood.com%2F&followRedirects=on

how can I do for it?

andresrc 2018-09-13 09:50:38 UTC #2

Hi @charlas,

Thanks for using Bitnami. There are several plugins such as [WP Content Security Policy] to configure this headers. A good place to get recommendations on a plugin to use would be the WordPress support forums.

Regards,

Andres R.

moonkrj 2018-09-20 11:23:07 UTC #3

Can I turn off CSP headers with WP Content Security plugin? And what about images? Is it ok to check the valid sources?

Thanks,
RJ Moonk

charlas 2018-09-20 13:47:24 UTC #4

Thanks so much,it is ok everything
Thanks for andresrc,WP Content Security Policy is good to use.
I dont know wp can do it.When I search headers configure,and some different result.And I can't find .htaccess.I try to find it,but the answer is so long to don't know to do.
Anyway thanks .

moonkrj 2018-09-21 05:19:20 UTC #5

Thanks so much,it is ok everything
Thanks for andresrc,WP Content Security Policy is good to use.
I dont know wp can do it.When I search headers configure,and some different result domyhomework.And I can't find .htaccess.I try to find it,but the answer is so long to don't know to do.
Anyway thanks .

I was worrying about the WP Content Security plugin, cause I had a truly bad experience with images, and need to do something about that.

Thanks,
RJ Moonk

charlas 2018-09-21 06:55:10 UTC #6

yes,please turn off csp.

system 2018-10-05 06:55:12 UTC #7

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Bitnami provides free all-in-one installers, virtual machines and cloud images for popular open source applications. Get them now!