Replies: 0
Hello Conrad,
I asked two questions 3 months ago but did not receive any answer. I repeat them with another issue and would appreciate your comments.
For X-Permitted-Cross-Domain-Policies, I add the following to the .htacess file:
Header set X-Permitted-Cross-Domain-Policies "master-only"
Is it possible to add it to the General Options page?
In view of child-src being deprecated, should it still be included on the CSP Options page?
On a site using the Twenty Sixteen theme I have the following with HTML5 validation:
Error: Content-Security-Policy HTTP header: Bad content security policy: Expecting end of policy but found ",".
This disappears if Enable Content Security Policy is not checked. Do you know why this is happening and how to prevent this error from occurring?
Btw, securityheaders.io now redirects to https://securityheaders.com/