Out of curiosity, I checked a few sites with https://securityheaders.com, which show the following:
Is this something that could be added on Webinoly or is it intentionally omitted or not actually needed?
Actually, you can find CSP in this file /etc/nginx/common/headers-html.conf, as you can see is empty, you need to manually add the correct values according to your site configuration.
The downside is that this file will be overwritten during some Webinoly updates, that's why we don't promote this feature because is not completely implemented. This feature is scheduled to be developed and released in v1.12.0.
We have no plans for "Feature Policy".
Good to know. I checked a few other well-known sites and I see that in general, Webinoly-powered sites are better than most on this aspect. It seems that implementing Content-Security-Policy will ensure an A rating, which seems to be quite rare.
For now, I am looking forward to v. 1.11.0 :)
This feature is now released: https://webinoly.com/en/documentation/webinolys/#headers
PayPal · GitHub Sponsors · Bitcoin