Click Jacking bypass X-Frame-Options

Hi @laboiteare, thank you for using the plugin. I am Andrea I will help you with your request.

I will answer you in the afternoon after checking your topic with the best solution.

Hi @laboiteare, here I am back to you ?? The vulnerability regarding the bypass of X-Frame-Options and potential clickjacking is a serious issue for website security. The proposal to implement a Content-Security-Policy (CSP) header with the ‘frame-ancestors’ option set to ‘self’ is an important step to mitigate these kinds of attacks, and I am happy to confirm that I have already been working on integrating this functionality into the plugin (so you can add your own custom CSP rules,s effortlessly and easily).

In creating your own CSP rules, I recommend some useful resources that I have personally tested and use:

Check CSP test website csper.io/evaluator
Check CSP Evaluator csp-evaluator.withgoogle.com
CSP Content Security Policy Generator addons.mozilla.org

These resources will help you evaluate and generate effective CSP policies for your own Web sites.

I continue to work on security and improving the plugin to provide the best possible experience.

If you have additional questions or need more details about your plugin’s security, please don’t hesitate to ask.

Hello and thank you for taking this question seriously.

I will look into generating custom rules, but can you tell me if, in the future, this rule could be implemented automatically in your extension?

(For my part, I have a lot of sites with your extension, and it would be a phenomenal time saver if it was done alone)

Thank you for everything

Hi @laboiteare, thanks for your feedback! currently a feature is implemented to insert generated CSP rules.

In the next versions I am working on making this automatic, but before effecting this I am currently checking and testing several developments.

I hope you enjoyed the assistance and please feel free to write to me for further information or help.