OLS admin fails PCI compliance scans

[hennaboy]

The following need to be added to the global.php file for the OLS web admin for it to pass pci compliance scan

header("Strict-Transport-Security: max-age=31536000; preload");
header("X-XSS-Protection: 1;mode=block");
header("Referrer-Policy: same-origin");
header("X-Content-Type-Options: nosniff");

This is information provided to myself by sysnet who performed the PCI scan.

 

[litespeed.lauren]

those will be added in next release except "Strict-Transport-Security" header .
This will affect client site as the webadmin domain can be the main site domain.

Thanks for your report.