HTTP header security in WordPress

In the functions.php file, add:

// Security response headers; header() must run before any output is sent.
header("Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:");
header('X-Frame-Options: SAMEORIGIN');
header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff');
header('Strict-Transport-Security: max-age=31536000; includeSubDomains; preload');
header("Feature-Policy: vibrate 'self'; usermedia *; sync-xhr 'self' https://tomlot.eu");
// Session cookie hardening: no JavaScript access, HTTPS only, no session IDs in URLs.
@ini_set('session.cookie_httponly', true);
@ini_set('session.cookie_secure', true);
@ini_set('session.use_only_cookies', true);

or, in the .htaccess file, add:

Header set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Header set X-XSS-Protection "1; mode=block"
Header set X-Frame-Options "sameorigin"
Header set X-Content-Type-Options "nosniff"
Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:"
Header always set Referrer-Policy "same-origin"
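
To confirm which of these headers a response actually carries, and where the values above are permissive, the following Python script audits a block of raw response headers. It is an added example, not code from the original page; the function names, the list of required headers, the finding wording and the sample response (constructed from the .htaccess values above) are assumptions of this example.

```python
# Added example (not from the original page): audit raw response headers offline.
ONE_YEAR = 31536000  # the max-age value this page sets
REQUIRED = ("strict-transport-security", "x-frame-options", "x-content-type-options",
            "content-security-policy", "referrer-policy")

def parse_headers(raw):
    """Turn raw 'Name: value' lines into a dict keyed by lower-cased name."""
    headers = {}
    for line in raw.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip():
            headers[name.strip().lower()] = value.strip()
    return headers

def csp_directives(value):
    """Split a CSP value into {directive: [sources]}; the first duplicate wins."""
    out = {}
    for part in value.split(";"):
        tokens = part.lower().split()
        if tokens:
            out.setdefault(tokens[0], tokens[1:])
    return out

def audit(raw):
    """Return findings for headers that are missing or weaker than intended."""
    h = parse_headers(raw)
    findings = ["missing " + name for name in REQUIRED if name not in h]
    hsts = [d.strip().lower() for d in h.get("strict-transport-security", "").split(";")]
    ages = [d[8:].strip('"') for d in hsts if d.startswith("max-age=")]
    if "strict-transport-security" in h and not (
            ages and ages[0].isdigit() and int(ages[0]) >= ONE_YEAR):
        findings.append("hsts max-age below one year")
    csp = csp_directives(h.get("content-security-policy", ""))
    script_src = csp.get("script-src", csp.get("default-src", []))  # CSP fallback
    for keyword in ("'unsafe-inline'", "'unsafe-eval'"):
        if keyword in script_src:
            findings.append("csp allows " + keyword + " for scripts")
    return findings

# Constructed sample response, built from the .htaccess values on this page.
SAMPLE = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: sameorigin
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:
Referrer-Policy: same-origin"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On the sample, every required header is present, and both findings come from the Content-Security-Policy value, which permits inline scripts and eval().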

Application:

Security, Strict-Transport-Security, X-XSS-Protection, X-Frame-Options, X-Content-Type-Options, Content-Security-Policy, Referrer-Policy, Feature-Policy

Knowledge:
Practical
Category: