ssl security headers

The following recommended security headers are not detected:

If you get this error from Really Simple SSL or WordPRess Site Health try this fix.
Go into your root directory, wither through your hosting account, then file manager or FTP.
Go to www folder or public_html and look for the .htaccess file. If you are going through your hosting you may need to click settings and show hidden files.

I used this code at the bottom of my .htaccess file

NOTE: you may need to change the quotes depending on how your browser copies.

<IfModule mod_headers.c>
Header always set X-Frame-Options: “SAMEORIGIN”
Header always set Strict-Transport-Security: “max-age=31536000” env=HTTPS
Header always set Content-Security-Policy “upgrade-insecure-requests”
Header always set X-Content-Type-Options “nosniff”
Header always set X-XSS-Protection “1; mode=block”
Header always set X-Frame-Options “SAMEORIGIN”
Header always set Referrer-Policy: “no-referrer-when-downgrade”
Header always set Expect-CT “max-age=7776000, enforce”
Header always set Permissions-Policy “geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);”


Caleb O'Loan

Author Caleb O'Loan

More posts by Caleb O'Loan
Call Now Button