• Resolved andbale

    (@andbale)


    Hi Andrea,

    Your plugin is very interesting and would let me avoid server-side configurations.

    My only difficulty is how to integrate x-xss-protection and referrer-policy. I’ve read that it is possible, but how?

    My goal is to set referrer-policy as strict-origin-when-cross-origin and x-xss-protection as 1; mode=block.

    Thanks

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Andrea Ferro

    (@unicorn03)

    Hi @andbale,

    I have taken charge of your request and I will respond as soon as possible. Thank you for opening the thread.

    Plugin Author Andrea Ferro

    (@unicorn03)

    Hi @andbale,

    Thank you for your thread and for downloading the plugin. I am Andrea and I will help you with your request.

    I confirm that with the developed plugin I have tried to make it more and more functional and simple. To answer your request: I confirm that the referrer-policy: strict-origin-when-cross-origin header is set automatically by the plugin on your site and also the header.

    As for the X-XSS-Protection header: it was supported by early versions of the plugin, then over time some documentation changed and I removed it. The HTTP response header X-XSS-Protection was a feature of Internet Explorer, Chrome and Safari that prevented pages from loading when they detected cross-site scripting attacks.

    The decision was made because of such descriptions that I want to provide for the sake of completeness of the thread.

    Note:

    This means that if you don’t need to support legacy browsers, we recommend that you use the Content-Security-Policy option, which I have kept as part of the plugin, even with the ability to customize values for more experienced users.

    I hope I have helped you and offered good assistance.
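
A way to check the three headers discussed in this thread on a site's responses, as an added example that is not part of the original posts or the plugin's code. The function names and the sample header sets are constructed for illustration; the check relies on the fact that `Referrer-Policy` may carry a comma-separated fallback list in which unrecognised tokens are skipped and the last recognised one applies.

```python
# Added example: audit response headers for Referrer-Policy, X-XSS-Protection and CSP.
VALID_REFERRER_POLICIES = {
    "no-referrer", "no-referrer-when-downgrade", "same-origin", "origin",
    "strict-origin", "origin-when-cross-origin",
    "strict-origin-when-cross-origin", "unsafe-url",
}

def effective_referrer_policy(value):
    """Return the policy that would apply, or None if no token is recognised.

    Tokens are compared exactly against the lowercase policy names
    (a deliberately conservative choice for this example).
    """
    effective = None
    for token in value.split(","):
        token = token.strip()
        if token in VALID_REFERRER_POLICIES:
            effective = token  # the last recognised token wins
    return effective

def audit_headers(headers, wanted_policy="strict-origin-when-cross-origin"):
    """Return a list of findings for a dict of response headers."""
    h = {name.lower(): value for name, value in headers.items()}
    findings = []
    policy = effective_referrer_policy(h.get("referrer-policy", ""))
    if policy is None:
        findings.append("referrer-policy: missing or no valid token")
    elif policy != wanted_policy:
        findings.append(f"referrer-policy: effective value is {policy}")
    if "x-xss-protection" in h:
        findings.append("x-xss-protection: legacy header still sent")
    if "content-security-policy" not in h:
        findings.append("content-security-policy: missing")
    return findings

# Constructed sample responses (not captured from a real site).
SAMPLE_OK = {
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Content-Security-Policy": "default-src 'self'",
}
SAMPLE_MISSPELLED = {
    "Referrer-Policy": "strict-orogin-when-cross-origin",  # misspelled token
    "X-XSS-Protection": "1; mode=block",
}

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("misspelled", SAMPLE_MISSPELLED)):
        print(name, audit_headers(sample))
```
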
