Archives: Definitions
What are Source Directives?
The Content Security Policy is a powerful security header that allows fine-grained control over the (types of) resources that your site is allowed to load. The Policy is sent to the visitor’s browser as ‘instructions’ on what type of content may be loaded from which sources. Source Directives are used to specify the types of content and the sources to be allowed. All resources not included in the Content Security Policy will be blocked. Really Simple SSL Pro allows site administrators to
What are Frame Ancestors?
Frame-ancestors is one of the directives of the Content-Security-Policy header. It allows website administrators to determine whether a site or page may be embedded in another site (like being loaded in an iFrame). Why you should use frame-ancestors: iFrames are frequently used to execute click-jacking attacks. During these attacks a malicious site loads the affected site in an iFrame, tricking site visitors into unintentionally clicking on buttons or links on the malicious site. The intention could be to download malware,
What is Upgrade Insecure Requests?
The Upgrade Insecure Requests directive is part of the Content Security Policy header, and is intended to prevent Mixed Content issues. It instructs the browser to upgrade all HTTP resource requests to the site to HTTPS before they are sent. The directive helps prevent most Mixed Content issues by automatically upgrading HTTP subresources on the website to HTTPS. Note that the actual transition of your entire WordPress site to SSL still relies on a proper 301 redirect to https://. The
What is Mixed Content?
If a website contains mixed content, it means that the site contains both secure (HTTPS) and insecure (HTTP) content. Mixed content usually occurs when SSL is installed and the website is migrated from HTTP to HTTPS, while the site still contains all kinds of references to its ‘old’ HTTP address. Why is mixed content a problem? Over the last decade, SSL encryption has become a must-have for all websites and web applications. If content such as images, scripts
What is a Referrer Policy?
The Referrer-Policy controls how much information your browser shares with a destination site when you click a link. By default, browsers include an HTTP request header called “Referer” to send information to the destination site about where the link was located. The Referer header can contain the full URL of the page where the link was clicked, and the Referrer Policy allows you to limit or adjust what gets sent. For example, you are now on the page “https://really-simple-ssl.com/definition/what-is-referrer-policy/”. If you