11-20-2017, 07:01 PM
Secure Headers modification for 4.3.4
Copy and paste the code in the HTML pane from https://codepen.io/Scally/pen/wPyjgd
modified version of header.php
location: users/includes folder
Seven security headers are identified in this modification; only the content-security-policy HTTP header has not been applied.
My understanding is that the content-security-policy header provides a whitelist of approved external and internal sources of files used by the site.
It would be possible to identify those sources used by UserSpice, but you are not able to identify sources needed in user pages.
With each header I have given optional settings that might be used to tweak performance.
I hope the settings I have started with and the location of the mod in the header.php file are OK.
I have used https://securityheaders.io/ to scan the site before and after applying this modification.
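The post notes that the sources UserSpice itself uses could be identified for a content-security-policy header. As an added example (not part of the original post and not UserSpice code), this Python script inventories the script, style, image and frame sources in a page's static markup and builds a candidate policy from them. The sample HTML, the hosts `site.example` and `cdn.example.net`, and the names `SourceCollector` and `build_csp` are assumptions made for illustration. It only sees what is in the markup it is given, so sources used by user pages still have to be added by hand.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag/attribute pairs mapped to the CSP directive that governs them.
DIRECTIVES = {("script", "src"): "script-src", ("img", "src"): "img-src",
              ("iframe", "src"): "frame-src", ("link", "href"): "style-src"}

# Constructed sample page; hosts and paths are placeholders, not UserSpice files.
SAMPLE = """<html><head>
<link rel="stylesheet" href="/css/site.css">
<link rel="stylesheet" href="https://cdn.example.net/font.css">
<script src="https://cdn.example.net/lib.min.js"></script>
<script>var x = 1;</script>
</head><body><img src="images/logo.png" style="width:10px"></body></html>"""

class SourceCollector(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.site = page_url, urlsplit(page_url)
        self.sources = {}    # directive -> set of source expressions
        self.inline = set()  # directives that inline code/styles fall under

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and not attrs.get("src"):
            self.inline.add("script-src")
        if tag == "style" or "style" in attrs:
            self.inline.add("style-src")
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # other <link> types are not style sources
        for (t, a), directive in DIRECTIVES.items():
            if t == tag and attrs.get(a):
                u = urlsplit(urljoin(self.page_url, attrs[a]))
                if (u.scheme, u.netloc) == (self.site.scheme, self.site.netloc):
                    src = "'self'"
                else:  # data:/blob: URLs have no host, so list the scheme only
                    src = f"{u.scheme}://{u.netloc}" if u.netloc else f"{u.scheme}:"
                self.sources.setdefault(directive, set()).add(src)

def build_csp(html, page_url):
    """Return (policy string, directives that inline content would need)."""
    c = SourceCollector(page_url)
    c.feed(html)
    parts = ["default-src 'self'"]
    parts += [f"{d} {' '.join(sorted(c.sources[d]))}" for d in sorted(c.sources)]
    return "; ".join(parts), sorted(c.inline)

if __name__ == "__main__":
    print(build_csp(SAMPLE, "https://site.example/index.php"))
```

The second return value lists the directives for which inline scripts or styles were found; those need a nonce, a hash, or `'unsafe-inline'` before the policy can be enforced without breaking the page.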