Category: Security Headers
How to set Security Headers on Apache and NGINX
Below we will discuss the challenges and solutions of setting security headers in a WordPress environment. Methods for setting http security headers There are different ways to set security headers on both Apache and Nginx. Usually, security headers on Apache are set in the .htaccess file in the root of your WordPress installation, for Nginx servers they are usually set in the nginx.conf file. Some servers combine Nginx and Apache so they can be set in either of those files.
How to find where (unwanted) security headers are set
In some cases you may be unable to change a security header from within Really Simple Security because the settings is disabled. You may even get the following warning in the Really Simple Security dashboard: “The … security header is not set by Really Simple Security but has a non-recommended value: “…” This means that the header was set by other means, sometimes incorrectly or with non-recommended values. If we find an incorrectly set header or a header that is
How to use the Permissions Policy header
The Permissions Policy HTTP header replaces the existing Feature Policy header for controlling delegation of permissions and powerful features. The header uses a structured syntax, and allows sites to more tightly restrict which origins can be granted access to features. What is the Permissions Policy header The Permissionas Policy header is a security header that controls which browser features can be used. Besides implementing these rules for your own content it can also prevent external iFrames from using these browser
Manually adding recommended security headers on WordPress
This article will explain how to manually add the recommended security headers to your website. For more advanced security headers or automatically add the security headers, please consider subscribing to Really Simple Security Pro. Security Headers add important additional protection for visitors of your website. The security headers Security headers are instructions your web server sends to a visitor’s browser. They tell the browser how to safely handle your site, which domains can load content, whether the page can be
Common issues with HSTS
There are several causes for HTTP Strict Transport Security (HSTS) not working correctly. The most common HSTS issues are listed in this article. Response error: Multiple HSTS headers (number of HSTS headers: 2) When you see this error the HSTS header has been set twice. The HSTS header should be set only once. This is usually caused by a second HSTS header, added by either your hosting provider or a different plugin. This header is often located in the .htaccess file. Check your