• pwsapp

    (@pwsapp)


    I installed this plug-in and set a number of the HTTP Security Header settings. It appeared to be successful with an “A” grade on Securityheaders.com. I’m curious as to how they are implemented in WordPress. I don’t see any changes to the .htaccess files so it must be some other method.
    Very useful plug-in. Thanks!
    Paul

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter pwsapp

    (@pwsapp)

    These are NOT in any .htaccess files on my server:

    # HTTP security settings start

    Header set Strict-Transport-Security: "max-age=2592000; includeSubDomains;"
    Header set X-Frame-Options: SAMEORIGIN
    Header set Referrer-Policy: no-referrer-when-downgrade
    Header set X-XSS-Protection: "1; mode=block"
    Header set X-Content-Type-Options: nosniff

    # HTTP security settings end

    Plugin Author Carl

    (@carlconrad)

    Hi,

    In fact they are sent in the HTTP headers (before the HTML content of a page). The .htaccess content is provided in case of conflict with cache plug-ins.

    Regards,
    Carl
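
One way a plugin can send these headers from PHP with no .htaccess change, as an added example that is not part of this thread and not the plugin's own code. It assumes the WordPress core hooks `wp_headers`, `admin_init` and `login_init`; every `example_*` name is hypothetical, and the values are the ones quoted in the thread.

```php
<?php
/**
 * Plugin Name: Example security headers (illustrative only, not the plugin discussed above)
 */

// Header values taken from the .htaccess snippet quoted in the thread.
const EXAMPLE_SECURITY_HEADERS = array(
    'X-Frame-Options'        => 'SAMEORIGIN',
    'Referrer-Policy'        => 'no-referrer-when-downgrade',
    'X-XSS-Protection'       => '1; mode=block',
    'X-Content-Type-Options' => 'nosniff',
);
const EXAMPLE_HSTS = 'max-age=2592000; includeSubDomains';

// Build the header set for one request (hypothetical helper).
function example_build_headers( bool $is_https ): array {
    $headers = EXAMPLE_SECURITY_HEADERS;
    if ( $is_https ) {
        // Browsers ignore HSTS received over plain HTTP, so emit it on TLS only.
        $headers['Strict-Transport-Security'] = EXAMPLE_HSTS;
    }
    return $headers;
}

// Front-end requests: core passes its response headers through the
// 'wp_headers' filter before sending them, so merging here is enough.
add_filter( 'wp_headers', function ( $headers ) {
    return array_merge( (array) $headers, example_build_headers( is_ssl() ) );
} );

// wp-admin and wp-login.php are not reliably covered by 'wp_headers',
// so send the headers directly on their init hooks.
function example_send_headers_directly() {
    if ( headers_sent() ) {
        return; // Output has started; headers can no longer be changed.
    }
    foreach ( example_build_headers( is_ssl() ) as $name => $value ) {
        header( "$name: $value", true ); // true replaces an earlier header of the same name
    }
}
add_action( 'admin_init', 'example_send_headers_directly' );
add_action( 'login_init', 'example_send_headers_directly' );
```

Responses that a page cache serves without running PHP never reach these hooks, so those need the headers set at the web server instead.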

  • The topic ‘Where are the HTTP Sec Headers stored’ is closed to new replies.