Hi @jaydub-1,
Thank you for downloading the Headers Security Advanced & HSTS WP plugin. I’m Andrea, thanks for your feedback I wanted to update you that within a few hours I will release a patch of the plugin with the resolution of your issue.
For any information or help I am here to help you
That sounds good, many thanks.
Is there a way to add multiple domains also?
Hello @jaydub-1,
Since the X-Frame-Options header with the ALLOW-FROM directive supports only a single URL per response (and is becoming obsolete in favor of Content Security Policy (CSP) for more granular controls), you should consider using CSP with the frame-ancestors directive if you need to specify multiple domains from which to allow embedding. This provides more flexibility and security.
Much appreciated. Will your plugin control CSP moving forward?
hello @jaydub-1,
I try to constantly update the plugin and keep it with the latest STANDARDS from OWASP and Mozilla Dev.