HttpHeader 1.0.7
This is the seventh patch release of the HttpHeader Plugin.
Changelog
- Append optional style and script hashes for script-src and style-src
- Add the csp directive 'frame-ancestors' when the x-frame-options option is enabled
- Make sure csp headers are not added to the server config file as they are not static
- make sure only headers marked as
both
are added to the serverconfig files.
Features
This plugin allows you to set all security http headers using a Joomla plugin:
- Strict-Transport-Security
- Content-Security-Policy
- Content-Security-Policy-Report-Only
- X-Frame-Options
- X-XSS-Protection
- X-Content-Type-Options
- Referrer-Policy
- Expect-CT
- Feature-Policy
This plugin also comes with some easy defaults for:
- X-Frame-Options
- X-XSS-Protection
- X-Content-Type-Options
- Referrer-Policy