No CSP

Hello,

Lighthouse gives me a warning:
No CSP found in compliance mode.

Should I add
Header set Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self';"

in my .htaccess file?

Comments

  • acrylian Administrator, Developer

    There is an http_security_header plugin included with which you can set such headers.

  • This http_security_header plugin seems really great. I do not know why I have not tried it before.
    I will read the 22 pages (plugin links) to fully understand how to use it.
    Thank you acrylian.

  • acrylian Administrator, Developer

    In practice you mostly need a few things. A lot of what it provides is rather advanced to set up and can even cause problems on your site if set wrong.

  • What settings would you suggest?
    Zenphoto users could also be interested.
    You could add your suggestions in your online manual pages!

  • acrylian Administrator, Developer

    On our own site we only have Content Security Policy, XSS-Protection and Referrer Policy = Same Origin enabled.

    I really cannot recommend any standard setting as this is not ZP specific and depends. As you noticed there are docs linked for more info.
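
As an added illustration (not code from the thread or from Zenphoto), this simplified Python check evaluates the policy proposed in the question against a few constructed resource loads, showing which ones a 'self'-only policy would block before it is enabled on a live site. The origin, the URLs and the function names are assumptions; nonces, hashes, wildcards and path matching are not modelled.

```python
from urllib.parse import urlparse

# Policy string exactly as proposed in the question above.
POLICY = "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self';"
ORIGIN = "https://gallery.example"  # constructed site origin (assumption)

# Constructed sample loads: (resource kind, URL or None, is_inline)
LOADS = [
    ("script", ORIGIN + "/js/gallery.js", False),
    ("script", None, True),                        # inline <script> block
    ("style", None, True),                         # inline style attribute
    ("img", "data:image/png;base64,AAAA", False),  # embedded placeholder image
    ("font", "https://fonts.example/font.woff2", False),
    ("img", ORIGIN + "/albums/photo.jpg", False),
]

def parse_policy(policy):
    """Split a CSP string into {directive: [source expressions]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored; the first occurrence wins.
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives

def allowed(directives, kind, url=None, inline=False):
    """Simplified check of one load against the parsed policy."""
    # Fetch directives that are absent fall back to default-src.
    sources = directives.get(f"{kind}-src", directives.get("default-src"))
    if sources is None:
        return True  # nothing restricts this resource kind
    if inline:
        return "'unsafe-inline'" in sources
    target = urlparse(url)
    origin = f"{target.scheme}://{target.netloc}"
    for src in sources:
        if src == "'self'" and origin == ORIGIN:
            return True
        if src.endswith(":") and src[:-1] == target.scheme:  # e.g. data:
            return True
        if src in (target.netloc, origin):                   # host source
            return True
    return False

def blocked(policy, loads):
    """Return the (kind, url-or-'inline') pairs the policy would block."""
    d = parse_policy(policy)
    return [(k, u or "inline") for k, u, i in loads if not allowed(d, k, u, i)]

if __name__ == "__main__":
    for kind, what in blocked(POLICY, LOADS):
        print(f"blocked {kind}: {what}")
```
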
