Hello, I just checked my site rvolutionize.com at observatory.mozilla.org and so many possible security faults are being listed, I searched for any thread on combating this possible leaks but couldn't find any. I would appreciate any help in ensuring my site is as secure as possible. Thank you.
SSL scores are largely independent of the MyBB software. That’s why.
Share a screenshot of your score, and the errors listed, we’ll try to help you.
[
attachment=41341][
attachment=41339][
attachment=41338][
attachment=41340]
(2018-12-15, 11:49 PM)Ben Cousins Wrote: [ -> ]SSL scores are largely independent of the MyBB software. That’s why.
Share a screenshot of your score, and the errors listed, we’ll try to help you.
Hello, thanks for your reply so I was using the Setting Up HTTPS documentation to add the headers to my sites .htaccess file, the site is rvolutionize.com , so right now, the warnings im getting are from the Content Security Policy and Cookies, I also installed DVZ Secure Content. So here are images of the scan ran on mozilla observatory.
MyBB 1.8 contains numerous inline scripts and styles so these cannot be currently disabled in
Content-Security-Policy
, however you can likely add:
frame-ancestors 'none';
and:
base-uri 'self';
The
Site Details → SameSite Cookie Flag setting can be enabled, and
SRI hashes can be added to external resources (usually in the
headerinclude
template).
(2018-12-16, 04:18 PM)Devilshakerz Wrote: [ -> ]MyBB 1.8 contains numerous inline scripts and styles so these cannot be currently disabled in Content-Security-Policy
, however you can likely add:
frame-ancestors 'none';
and:
base-uri 'self';
The Site Details → SameSite Cookie Flag setting can be enabled, and SRI hashes can be added to external resources (usually in the headerinclude
template).
Thank you very much, will update that.