Archives: Definitions
What are Source Directives?
The Content Security Policy is a powerful security header that allows fine-grained control over the (types of) resources that your site is allowed to load. The policy is sent to the visitor’s browser as ‘instructions’ on what type of content may be loaded from which sources. Source Directives are used to specify the types of content and the sources to be allowed. All resources not included in the Content Security Policy will be blocked. Really Simple SSL Pro allows site administrators to
What are Frame Ancestors?
Frame-ancestors is one of the directives of the Content-Security-Policy header. It allows website administrators to determine whether a site or page may be embedded in another site (like being loaded in an iFrame). Why you should use frame-ancestors: iFrames are frequently used to execute click-jacking attacks. During these attacks a malicious site loads the affected site in an iFrame, tricking site visitors into unintentionally clicking on buttons or links on the malicious site. The intention could be to download malware,
What is Upgrade Insecure Requests?
Upgrade Insecure Requests is one of the directives of the Content Security Policy. It instructs the browser to upgrade all requests to the site to HTTPS. The Upgrade Insecure Requests directive can help to prevent Mixed Content issues by upgrading requests to HTTPS before they are even sent. It is a vital header to enforce SSL, in combination with HTTP Strict Transport Security (HSTS) and 301 redirects to HTTPS. Just like other security headers, the CSP: Upgrade-Insecure-Requests header is set
What is Mixed Content?
If a website contains mixed content, it means that the site contains both secure (HTTPS) and insecure (HTTP) content. Mixed content usually occurs when SSL is installed and the website is migrated from HTTP to HTTPS: the site still contains all kinds of references to the ‘old’ HTTP address of the site. Why is mixed content a problem? Over the last decade, SSL encryption has become a must-have for all websites and web applications. If content such as images, scripts
What is Referrer-Policy?
The Referrer-Policy header was created to control the information sent by browsers to destination servers when clicking on hyperlinks. The HTTP standard includes an HTTP request header called “referrer” that is used by your browser to send information to a site you are visiting after clicking a hyperlink to that site. This referrer can contain the complete URL of the page that the link was on. Example: You are now on the page “https://really-simple-ssl.com/definition/what-is-referrer-policy/”. If you click on a link like https://complianz.io your