• Resolved patano3234

    (@patano3234)


    Until version 4, all was good. Since the version 4 update, I get this on WordPress Site Health.
    If I try to add the lines in htaccess, I get a 500 internal error on every single recommended header line.

    Is there anything to do, or do we all need to find another SSL plugin? So many updates and nothing fixes this.

    How to fix this?

    Not all recommended security headers are installed

    Your .htaccess file does not contain all recommended security headers.
    HTTP Strict Transport Security
    Content Security Policy: Upgrade Insecure Requests
    X-XSS protection
    X-Content Type Options
    Referrer-Policy
    Expect-CT

Viewing 8 replies - 1 through 8 (of 8 total)
  • Thread Starter patano3234

    (@patano3234)

    And also, even though I have the last version installed, 4.0.5 (free),
    my htaccess has only this from Really Simple SSL:

    # BEGIN rlrssslReallySimpleSSL rsssl_version[3.2.7]
    <IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{HTTP:X-Forwarded-Proto} !https
    RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
    </IfModule>
    # END rlrssslReallySimpleSSL

    Don’t know if there is a problem, but just showing the htaccess for additional info (not even one security line).

    • This reply was modified 3 years, 11 months ago by patano3234.
    Plugin Author Rogier Lankhorst

    (@rogierlankhorst)

    Hi @patano3234,

    Please follow these steps:
    https://really-simple-ssl.com/site-health-recommended-security-headers/

    That should resolve the headers notice.

    Thread Starter patano3234

    (@patano3234)

    Every single line, added one by one, gives me a 500 internal error on the website. So what do I need to do in this case?

    Plugin Author Rogier Lankhorst

    (@rogierlankhorst)

    Possibly your hosting company does not support the mod_headers module. Please check with them if that is the case.

    Thread Starter patano3234

    (@patano3234)

    mod_headers was not active. I activated it, restarted Apache and used your tutorial + 1 Google find.

    But I still have something left:
    1. In WordPress Site Health I have only one thing:

    Content Security Policy: Upgrade Insecure Requests

    2. In securityheaders I have 2 left:

    Content-Security-Policy Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets.

    Permissions-Policy Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser.

    Can you also help with these? Thanks for the reply and the help resolving the matter.

    • This reply was modified 3 years, 11 months ago by patano3234.
    Plugin Author Mark

    (@markwolters)

    Hi @patano3234,

    We have now updated the site health article on our website to include the Upgrade-Insecure-Requests header. This header can be added by adding the following line to your .htaccess file:

    Header always set Content-Security-Policy "upgrade-insecure-requests"

    Both the Content Security Policy and Feature Policy (Permissions Policy) are advanced headers which we only recommend to enable if you understand how they work. This article contains information about these headers and links to articles on how to implement them: https://really-simple-ssl.com/site-health-recommended-security-headers/

    Thread Starter patano3234

    (@patano3234)

    Thanks for the reply.

    1. Site Health is now 100% good with that additional header line which you gave me, @markwolters.

    2. On securityheaders, of those 2 problems, Content-Security-Policy Content Security Policy is fixed with that line,
    and now I am class A, and I only have 1 more thing to fix:

    Permissions-Policy Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser.

    Any idea on how to fix the only remaining thing, “Permissions-Policy”? Or an extensive article about it for WP?

    Thanks for all support!

    Plugin Author Mark

    (@markwolters)

    Hi @patano3234,

    The permissions policy warning can be fixed by adding a permissions policy header. The following article details how to set up such a policy: https://github.com/w3c/webappsec-permissions-policy/blob/master/permissions-policy-explainer.md. As the permissions policy is relatively new and the successor of the feature policy, there’s not a lot of documentation available.

  • The topic ‘Site Health Status – not contain all’ is closed to new replies.
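
The headers discussed in this thread, collected into one guarded .htaccess block. This is an added example, not part of the original thread and not the plugin's own output; apart from the Content-Security-Policy line quoted above, the header values are assumed common defaults and should be adjusted to the site.

```apache
# Added example. Values other than the upgrade-insecure-requests line are
# assumptions, not taken from the plugin or its documentation.
<IfModule mod_headers.c>
    # Without this guard, a Header directive on a server where mod_headers
    # is not loaded is an unknown directive, and Apache answers every
    # request with a 500 error.

    # HSTS: browsers will insist on HTTPS for max-age seconds (one year here).
    Header always set Strict-Transport-Security "max-age=31536000"

    # The line given by the plugin author in the thread.
    Header always set Content-Security-Policy "upgrade-insecure-requests"

    Header always set X-XSS-Protection "1; mode=block"
    Header always set X-Content-Type-Options "nosniff"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    Header always set Expect-CT "max-age=7200, enforce"

    # Permissions-Policy: an empty allowlist () disables the feature for
    # the page and all embedded frames. The feature list is an assumption;
    # list only features the site does not use.
    Header always set Permissions-Policy "geolocation=(), camera=(), microphone=()"
</IfModule>
```

With the guard in place a missing module no longer breaks the site, but the headers are then silently absent, so confirm them in the actual response (for example with `curl -I` against the site) rather than relying on the file contents alone.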