HTTP Header Security
I have been working on hardening the security on my website and one of the places I have been focusing is HTTP Headers. I am getting an error on my HTTP Header Content Security Policy where your plugin/widget requires ‘unsafe-eval’ to allow your widget to work for script-src. Allowing ‘unsafe-eval’ can allow notorious XSS attack vectors to happen on websites. Hackers all the time look at security on websites and if they see ‘unsafe-eval’ being allowed in the header, this could cause all sorts of problems.
Is there a way to include the script files in the plugin rather than deploying them in this manner?
Thanks,
Jerrad
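
The check described in the post above, as an added example that is not part of the original post or of the plugin's code: a small Node.js audit that reports whether a Content-Security-Policy value lets scripts use eval-style execution, including the `default-src` fallback. The function names and the sample policies are constructed for illustration.

```javascript
// Parse a CSP header value into a Map of directive name -> source expressions.
function parseCsp(headerValue) {
  const directives = new Map();
  for (const part of headerValue.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers; the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Source list that governs script execution: script-src if present,
// otherwise the default-src fallback, otherwise null (unrestricted).
function effectiveScriptSources(directives) {
  if (directives.has('script-src')) return directives.get('script-src');
  if (directives.has('default-src')) return directives.get('default-src');
  return null;
}

// Report whether eval(), new Function() and string timers are permitted.
function auditEval(headerValue) {
  const sources = effectiveScriptSources(parseCsp(headerValue));
  if (sources === null) {
    return { evalAllowed: true, reason: 'no script-src or default-src, scripts are unrestricted' };
  }
  // CSP keyword sources are matched case-insensitively.
  if (sources.map((s) => s.toLowerCase()).includes("'unsafe-eval'")) {
    return { evalAllowed: true, reason: "'unsafe-eval' is in the effective script source list" };
  }
  return { evalAllowed: false, reason: 'eval-style execution is blocked' };
}

// Constructed sample policies (not taken from any real site).
const samples = [
  "default-src 'self'; script-src 'self' 'unsafe-eval'",
  "default-src 'self'; script-src 'self'",
  "default-src 'self' 'unsafe-eval'; img-src *",
];
for (const policy of samples) {
  const result = auditEval(policy);
  console.log(`${result.evalAllowed ? 'WEAK' : 'OK  '}  ${policy}  (${result.reason})`);
}
```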