Category: Security Headers
Protecting site visitors with Security Headers
Each time you visit a website, information is exchanged between your device and the website’s server. HTTP headers play an important role in this communication, as they provide extra information about the data that is being shared. Security Headers are types of HTTP headers that are specifically designed to improve web application security. They instruct web browsers on how to handle a site’s content, to protect website visitors against common types of malicious attacks. Protecting your website visitors from malicious
LiteSpeed Cache and Security Headers
If you are using LiteSpeed Cache, you may have problems updating your security headers. This is because LiteSpeed Cache will prevent the loading of our advanced-headers.php file. The solution for this is to add rsssl_after_saved_fields to the “Purge All Hooks” list in the LiteSpeed Cache settings. This will purge the LiteSpeed Cache on every save of the Really Simple SSL settings. NOTE: This will not work for CSP learning mode because learning mode changes the headers without a manual save
W3 Total Cache and Security Headers
Disk: Enhanced mode blocks security headers
If you are using W3 Total Cache in “Disk: Enhanced” mode, setting security headers in Really Simple SSL will not work correctly. Really Simple SSL sets security headers using PHP and the “Disk: Enhanced” mode in W3 Total Cache completely bypasses PHP and serves static HTML only. This means W3 Total Cache “Disk: Enhanced” mode is incompatible with the security headers functionality in Really Simple SSL. To use Really Simple SSL’s security headers functionality
Implementing Content Security Policy (CSP) on WordPress
Implementing a Content Security Policy is an essential way to protect your website from common attacks.
What is Content Security Policy
Content Security Policy enhances the security of web applications, reduces the attack surface, and protects users from various forms of web-based attacks such as Cross-Site Scripting (XSS), Clickjacking, data and code injection attacks. In this article, we will explore the significance of CSP and delve into the step-by-step process of implementing it on a WordPress website to enhance security
Content security policy maximum size exceeded
The maximum size available for HTTP headers on your website depends on the webserver that runs your website. For most webservers, like Apache and LiteSpeed, the limit is 8192 bytes, but the default configuration of Nginx sets this limit to 4096 bytes. When your website is running Nginx with the default configuration, available space for HTTP headers is limited. In most cases this will be fine, but if you have a large Content Security Policy it might result in the
