I put my new site through an online security check. Several problems were found.
- No content security policy.
I found a post in this Forum dated 2015 about this. But nothing more recent. Is this something that I need to deal with in the Apache config, or in Grav?
Grav seems to have a lot of security features already, so is a security policy neeeded?
Strict transport security. In general, I wonder if it is necessary to deal with this warning. Second, it seems to be an HTTP header setting. How should this best be done with Grav?
vulnerabilities due to Jquery 2.2.4 (another post). Eliminating all Jquery 2.1 dependencies seems to be quite laborious and associated with the Theme I chose.