Site health / Website status
-
Hello,
I noticed that the site health always tells me that some security headers are not installed:Your site does not send all recommended security headers.
Upgrade Insecure Requests
X-XSS protection
X-Content Type Options
Referrer-Policy
X-Frame-Options
Permissions-Policy
HTTP Strict Transport SecurityAfter seeing this, I added it to the htaccess file. But the message is still there. What’s wrong?
Here is the htaccess content:
# BEGIN WordPress
# Die Anweisungen (Zeilen) zwischen ?BEGIN WordPress“ und ?END WordPress“ sind
# dynamisch generiert und sollten nur über WordPress-Filter ge?ndert werden.
# Alle ?nderungen an den Anweisungen zwischen diesen Markierungen werden überschrieben.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
# BEGIN Upgrade Insecure Requests
<IfModule mod_headers.c>
Header set Content-Security-Policy "upgrade-insecure-requests"
</IfModule>
# END Upgrade Insecure Requests
# BEGIN Upgrade X-XSS-Protection
<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
</IfModule>
# END Upgrade X-XSS-Protection
# BEGIN Upgrade X-Content-Type-Options
<IfModule mod_headers.c>
Header set X-Content-Type-Options "nosniff"
</IfModule>
# END Upgrade X-Content-Type-Options
# BEGIN Upgrade Referrer-Policy
<IfModule mod_headers.c>
Header set Referrer-Policy "no-referrer"
</IfModule>
# END Upgrade Referrer-Policy
# BEGIN Upgrade X-Frame-Options
<IfModule mod_headers.c>
Header set X-Frame-Options "DENY"
</IfModule>
# END Upgrade X-Frame-Options
# BEGIN Upgrade Permissions-Policy
<IfModule mod_headers.c>
Header set Permissions-Policy "geolocation=(self), microphone=()"
</IfModule>
# END Upgrade Permissions-Policy
# BEGIN Upgrade HTTP Strict Transport Security (HSTS)
<IfModule mod_headers.c>
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
</IfModule>
# END Upgrade HTTP Strict Transport Security (HSTS)Thank you for your help.
Regards,
Harry
Viewing 5 replies - 1 through 5 (of 5 total)
Viewing 5 replies - 1 through 5 (of 5 total)
- You must be logged in to reply to this topic.