XF 2.2 Low security score

NealC

Well-known member
I ran my site and then the XF community site on the page below and it outlines security issues. Is this something that needs attention?

 
CSP
You are running advertising, so setting up a restrictive CSP is ... challenging at best and nearly impossible otherwise.
But even a pretty permissive CSP will make WPT happy, though IMHO it won't improve security that much - if you really want this for security you'd have to implement a strict CSP.

HSTS
You can and should set up HSTS.

X-XSS-Protection
X-XSS-Protection can more or less be safely ignored; most browsers have dropped support for this as it caused more harm than it did any good - currently only IE (does anyone really care?) and Safari do support this header.
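An added example, not part of the thread or of XenForo: a small header audit that separates a permissive CSP from a strict one, checks the HSTS max-age, and does not score X-XSS-Protection. Assumptions: "strict" is taken to mean a nonce- or hash-based script policy, the one-year HSTS threshold is a chosen value, and the function names and sample policies are constructed for illustration.

```python
import re

MIN_HSTS_AGE = 31536000  # assumed threshold: one year, in seconds
# Constructed sample policies, not taken from any real site
PERMISSIVE = "default-src https: 'unsafe-inline' 'unsafe-eval'"
STRICT = "script-src 'nonce-r4nd0m' 'strict-dynamic' https:; object-src 'none'"

def parse_csp(value):
    """Split a CSP header into {directive: [sources]}; the first duplicate wins."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy

def csp_findings(value):
    """Return reasons the script policy is permissive (empty list = strict)."""
    policy = parse_csp(value)
    src = policy.get("script-src", policy.get("default-src"))  # fallback rule
    if src is None:
        return ["no script-src or default-src, scripts are unrestricted"]
    if not src or src == ["'none'"]:
        return []  # no script allowed at all
    trusted = any(re.match(r"'(nonce|sha256|sha384|sha512)-", s) for s in src)
    findings = []
    if not trusted:
        findings.append("no nonce or hash, policy relies on an allowlist")
        if "'unsafe-inline'" in src:  # browsers ignore it once a nonce/hash is set
            findings.append("'unsafe-inline' allows injected inline script")
    if "'strict-dynamic'" not in src and any(s in ("*", "https:", "http:", "data:") for s in src):
        findings.append("wildcard or scheme source allows script from any host")
    if "'unsafe-eval'" in src:
        findings.append("'unsafe-eval' allows string-to-code execution")
    return findings

def hsts_findings(value):
    """Check the max-age of a Strict-Transport-Security header value."""
    m = re.search(r"max-age\s*=\s*\"?(\d+)", value or "", re.I)
    if not m:
        return ["HSTS missing or has no max-age"]
    age = int(m.group(1))
    return [] if age >= MIN_HSTS_AGE else [f"max-age {age} is below {MIN_HSTS_AGE}"]

def audit(headers):
    """Audit a header dict; X-XSS-Protection is deliberately not scored."""
    h = {k.lower(): v for k, v in headers.items()}
    csp = h.get("content-security-policy")
    return {"csp": csp_findings(csp) if csp else ["no CSP header"],
            "hsts": hsts_findings(h.get("strict-transport-security"))}
```
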
 