WP Login Lockdown

Interwebs
May 10, 2023

Q: 👋 Hello, I tried adding a feature request to your Trello board, but the only available option to me was "Watch."

I'll add my idea here. 😀

My feature request is to add Security Headers / Content Security Policies that would write to `.htaccess` or `.conf` file. A user will select from several configurations, and the plugin will generate rules for different plugins like LSCache, WP Rocket, Wordfence, and more.

I can do this myself, but I also think this would be objectively useful and pretty differentiated (I think) among WordPress plugins. Below is an example. Thanks for reading!

```apache
# CSP Headers
Header set Referrer-Policy "no-referrer-when-downgrade"
# Remove any existing Content-Security-Policy response header before adding the one below
Header unset Content-Security-Policy

Header add Content-Security-Policy "upgrade-insecure-requests"

Header set X-Content-Type-Options "nosniff"
Header set X-XSS-Protection "1; mode=block"
Header set X-Frame-Options "SAMEORIGIN"
# Append HttpOnly and Secure to every Set-Cookie header
Header always edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
# The value contains a space, so it must be double-quoted
Header set Permissions-Policy "microphone=(), camera=()"

# HSTS
<If "%{HTTPS} == 'on'">
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
</If>
```
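A pre-deployment check for generated `Header` rules of the kind requested above, as an added example that is not part of the original post or the plugin: mod_headers expects a value containing spaces to be double-quoted, and a syntax error in `.htaccess` makes Apache answer with 500 errors. The function name, the constructed sample and the use of `shlex` to approximate Apache's argument splitting are assumptions.

```python
import shlex

# mod_headers actions -> number of arguments after the header name
# (value, or value + replacement for edit) before an optional condition.
ARGS_AFTER_NAME = {"set": 1, "add": 1, "append": 1, "merge": 1,
                   "setifempty": 1, "edit": 2, "edit*": 2, "unset": 0}

def lint_header_directives(text):
    """Return (line_no, message) for Header lines with a malformed argument list."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith(("#", "<")):
            continue  # skip blanks, comments and <If>-style containers
        try:
            tok = shlex.split(line)  # assumption: close enough to Apache quoting
        except ValueError as exc:
            findings.append((no, f"unbalanced quote: {exc}"))
            continue
        if tok[0].lower() != "header":
            continue
        args = tok[1:]
        if args and args[0].lower() in ("always", "onsuccess"):
            args = args[1:]  # optional leading condition
        if not args or args[0].lower() not in ARGS_AFTER_NAME:
            findings.append((no, "unknown or missing action"))
            continue
        need = ARGS_AFTER_NAME[args[0].lower()]
        rest = args[2:]  # everything after the header name
        if len(args) < 2 or len(rest) < need:
            findings.append((no, "missing header name or value"))
            continue
        extra = rest[need:]
        ok_cond = len(extra) == 1 and (
            extra[0] == "early" or extra[0].startswith(("env=", "expr=")))
        if extra and not ok_cond:
            findings.append(
                (no, f"extra argument(s) {extra}: quote values that contain spaces"))
    return findings

# Constructed sample input; line 4 has an unquoted value containing a space.
SAMPLE = """\
# constructed sample
Header set X-Content-Type-Options "nosniff"
Header always edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
Header set Permissions-Policy microphone=(), camera=()
Header set Permissions-Policy "microphone=(), camera=()"
Header unset Content-Security-Policy
"""

if __name__ == "__main__":
    for line_no, message in lint_header_directives(SAMPLE):
        print(f"line {line_no}: {message}")
```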

Founder Team
Ivan_WebFactoryLTD

May 15, 2024

A: Hi,
Thanks for sharing!

I've copied this and forwarded it to our lead dev, so we will definitely take it into consideration for future updates :)


Hello, is this feature implemented nowadays?
