
Recommended WordPress Security Headers in .htaccess

25th February 2021

Admin WP


Check your security headers here: https://sitecheck.sucuri.net/

After the scan, the bottom left-hand corner of the results provides information to help you know which security headers you need.
Add this to the .htaccess file in the root directory of your site. It will help with the following:

HSTS – When this header is set on your domain, a browser will make all requests to your site over HTTPS from then on.
Upgrade-Insecure-Requests – This header is an additional method to force requests to your own domain over HTTPS.
X-Content-Type-Options – This header will force the browser not to “guess” what kind of data is passed. If the extension is “.doc”, the browser should get a .doc file, not anything else like an executable file (.exe).
X-XSS-Protection – Will stop pages from loading if a reflected cross-site scripting (XSS) attack is detected.
Expect-CT, Certificate Transparency – A Certificate Authority (the issuer of the SSL certificate) needs to log the certificates that are issued in a separate log, preventing fraud.
No Referrer When Downgrade header – Only sets a referrer when going from the same protocol and not when downgrading (HTTPS -> HTTP).
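
An added example (not the post's own snippet) of Apache mod_headers rules for the six headers listed above. The max-age values are assumptions and should be chosen to suit your site.

```apache
# Added example: .htaccess rules for the headers described in the list above.
# Requires mod_headers; the <IfModule> guard avoids a 500 error if it is absent.
<IfModule mod_headers.c>
    # HSTS: env=HTTPS restricts the header to responses served over TLS
    # (the HTTPS variable is set by mod_ssl). Browsers cache this value for
    # max-age seconds, so test with a short max-age before using a long one.
    # max-age below is an assumed value (one year).
    Header always set Strict-Transport-Security "max-age=31536000" env=HTTPS

    # Upgrade-Insecure-Requests: the server-side form is a
    # Content-Security-Policy directive. If the site already sends a
    # Content-Security-Policy, add the directive to that policy instead.
    Header always set Content-Security-Policy "upgrade-insecure-requests"

    # X-Content-Type-Options: disable MIME type sniffing.
    Header always set X-Content-Type-Options "nosniff"

    # X-XSS-Protection: block the page when the browser's XSS filter triggers.
    # Only browsers that still ship such a filter act on this header.
    Header always set X-XSS-Protection "1; mode=block"

    # Expect-CT: enforce Certificate Transparency for the site's certificate.
    # max-age below is an assumed value (one day).
    Header always set Expect-CT "max-age=86400, enforce" env=HTTPS

    # Referrer-Policy: send no referrer on HTTPS -> HTTP navigation.
    Header always set Referrer-Policy "no-referrer-when-downgrade"
</IfModule>
```

The `always` condition makes Apache add the headers to error responses (4xx/5xx) as well as successful ones. If TLS is terminated on a proxy in front of Apache, the `HTTPS` variable is not set and the `env=HTTPS` rules will not fire.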

[Screenshot: security headers htaccess]

And after applying these rules:

[Screenshot: security headers applied]
