Getting everything out of your security headers

When you have installed Really Simple SSL pro, there will be quite a number of new options available to you. We recommend to start by navigating to Settings -> SSL & Security -> Settings (in the top menu bar), and work your way down through the available options & enable the desired settings. This includes all of the Recommended Security Headers as well.

We sometimes get the question: “Which headers should I enable, and why aren’t they all enabled by default?”. This is not always possible, for example; the Content Security Policy is a header that has to be tailored to the requirements of a specific website. We have made this as easy as possible with Learning Mode to handle the detection of resources automatically, but ultimately you have to decide whether a specific URL should be allowed by the Content Security Policy or not.

In this security headers article we’ve discussed each header, and have added a “recommended” or “advanced” flag. If you’re not very experienced, you can still enable these without having to configure a lot of settings. Just enable the switch for a specific Security Header in the Really Simple SSL settings (under Recommended Security Headers), and you’re done!

Lightweight plugin, Heavyweight Security features. Get Pro and leverage your SSL certificate for WordPress security standards.