The simpler media website CMS
Hello,
Lighthouse gives me a warning :
No CSP found in compliance mode.
Should I add
Header set Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self';"
in my .htaccess file ?
Comments
There is a http_security_header plugin included you can set such headers.
This http_security_header plugin seems really great. I do not know why I have not tried it before.
I will read the 22 pages (plugin links) to fully understand how to use it.
Thank you acrylian.
In practice you mostly need a few things. A lot it provides is rather advanced to setup and can even cause problems on your site if set wrong.
What settings would you suggest ?
Zemphoto users could also be interested.
You could add your suggestions in your online manual pages !
On our own site we only have Content Security Policy, XSS-Protection and Referrer Policy = Same Origin enabled.
I really cannot recommend any standard setting as this is not ZP specific and depends. As you noticed there are docs linked for more info.