Really Simple SSL

How to use the Feature Policy header

Since version 2.1.14, Really Simple SSL Pro can add the Feature Policy security header to your site.

What is the Feature Policy header

The Feature Policy header is a security header that controls which browser features can be used. Besides applying these rules to your own content, it can also prevent external iframes from using these browser features, making it a powerful header to secure your site.

This gives you fine-grained control over which browser functions your site can use. Many directives can be controlled with the Feature Policy header. For an extensive overview of all directives see this list by Mozilla.

Each directive can have one of these three values:

  • * (this feature is allowed for your entire site, including external iframes)
  • self (this feature is allowed for content coming from your own domain, blocking this feature for external iframes)
  • none (this feature is not allowed on your site at all)

How to use the Feature Policy header generator

You can find the Feature Policy header settings in the Settings->SSL->Security Headers tab. To enable the Feature Policy header, enable the ‘Turn Feature Policy header on’ option. Once enabled, a list of directives and their values will appear. By default all directives will have the * value. You can change the value for each directive by selecting a different value from the dropdown.

After pressing the ‘Save’ button near the bottom of the page, the Feature Policy will be automatically updated in your .htaccess file.
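
To review what the site sends after saving, the following added example (not part of Really Simple SSL or of the original article) parses a Feature-Policy header value and groups its directives by the three values listed above. The sample header string and all function names are constructed for illustration.

```python
# Added example (not Really Simple SSL code): group the directives of a
# Feature-Policy header value by the three settings this page describes.

# Constructed sample value; in the header, self and none are written quoted.
SAMPLE_HEADER = "geolocation 'self'; camera 'none'; microphone *; fullscreen *;"


def parse_feature_policy(value):
    """Return {directive: [allowlist tokens]} from a Feature-Policy value."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if not tokens:
            continue  # tolerate trailing or doubled semicolons
        name = tokens[0].lower()
        # Assumption of this example: a repeated directive keeps its first value.
        policy.setdefault(name, tokens[1:])
    return policy


def classify(allowlist):
    """Map an allowlist to '*', 'self', 'none', or 'other' (e.g. explicit origins)."""
    if "*" in allowlist:
        return "*"
    if allowlist == ["'self'"]:
        return "self"
    if allowlist == ["'none'"]:
        return "none"
    return "other"


def audit(value):
    """Group directive names by setting so the ones still on * stand out."""
    report = {"*": [], "self": [], "none": [], "other": []}
    for name, allowlist in parse_feature_policy(value).items():
        report[classify(allowlist)].append(name)
    return report


if __name__ == "__main__":
    result = audit(SAMPLE_HEADER)
    for setting in ("*", "self", "none", "other"):
        print(f"{setting:>5}: {', '.join(result[setting]) or '-'}")
    if result["*"]:
        print("Still allowed for external iframes:", ", ".join(result["*"]))
```

Replace `SAMPLE_HEADER` with the Feature-Policy value your site returns to see which directives are still on the default `*` setting.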

Any questions or remarks? Contact us and let us know what you think!



