Category: WordPress Security
How to find where (unwanted) security headers are set
In some cases you may be unable to change a security header from within Really Simple SSL because the setting is disabled. You may even get the following warning in the Really Simple SSL dashboard: “The … security header is not set by Really Simple SSL, but has a non-recommended value: “…””. This means that the header was set by other means, sometimes incorrectly or with non-recommended values. If we find an incorrectly set header or a header that is
How to use the Permission Policy header
The Permissions-Policy HTTP header replaces the existing Feature-Policy header for controlling delegation of permissions and powerful features. The header uses a structured syntax and allows sites to more tightly restrict which origins can be granted access to features. What is the Permissions Policy header? The Permissions Policy header is a security header that controls which browser features can be used. Besides implementing these rules for your own content, it can also prevent external iframes from using these browser features, making
Manually adding recommended security headers on WordPress
This article explains how to manually add the recommended security headers to your website. For more advanced security headers, or to add the security headers automatically, please consider subscribing to Really Simple SSL Pro. Security headers add additional protection for your website's visitors. The security headers: We will show you some of the security headers and how to add them manually. If you need to know more, or are interested in more advanced security headers, visit this article. HSTS
Common issues with HSTS
There are several causes for HTTP Strict Transport Security (HSTS) not working correctly. The most common HSTS issues are listed in this article. Response error: Multiple HSTS headers (number of HSTS headers: 2). When you see this error, the HSTS header has been set twice. The HSTS header should be set only once. This is usually caused by a second HSTS header, added by either your hosting provider or a different plugin. This header is often located in the .htaccess file. Check your
Getting everything out of your security headers
When you have installed Really Simple SSL Pro, quite a number of new options become available to you. We recommend starting by navigating to Settings -> SSL & Security -> Settings (in the top menu bar), then working your way down through the available options and enabling the desired settings. This includes all of the Recommended Security Headers as well. We sometimes get the question: “Which headers should I enable, and why aren’t they all enabled by