Dear Shifter User, Thank you for your continued support of Shifter.
We are pleased to announce that security header policies have now been applied to all Shifter sites. This update is especially beneficial for users who have received warnings from security scanning tools regarding missing headers such as CSP, COOP, or CORP.
What’s New
Standard Security Header Policy — Applied to All Sites
Key security headers including CSP (Content Security Policy), COOP, CORP, COEP, and Referrer Policy have been added to all sites. The configuration is balanced to support common WordPress use cases, including external scripts, contact forms, and Google Analytics.
Strict Policy (Optional)
For sites with higher security requirements, we offer a strict policy option that enforces additional restrictions such as limiting cross-site embedding and disabling eval execution. To enable this, please contact our support team.
Getting Started
The standard policy has already been applied to all sites — no action is required on your end.