
Adding the latest HTTP security headers

Posted: Sun Jan 05, 2025 6:41 am
by rifathasan
Another step you can take to improve WordPress security is to take advantage of HTTP security headers. These are typically set at the web server level and tell the browser how to behave when dealing with your site's content. There are many different HTTP security headers, but the most important ones are listed below.

Content Security Policy
X-XSS-Protection
Strict-Transport-Security
X-Frame-Options
Public Key Pins
X-Content-Type
KeyCDN has a great detailed post if you want to read more about HTTP security headers. You can check what headers are currently in effect on your WordPress site by opening Chrome DevTools and looking at the headers in your site's initial response. Below is an example from kinsta.com. You can see that we are using the strict-transport-security, x-content-type and x-frame-options headers.

You can also scan your WordPress site with Scott Helme’s free securityheaders.io tool. It will show you what HTTP security headers your site currently has. If you’re not sure how to implement them, you can always ask your host if they can help you.

Note: It is also important to remember that when implementing HTTP security headers, it may impact your WordPress subdomains. For example, if you add a Content Security Policy header and restrict access by domain, you will need to add your subdomains as well.
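
The header check and the subdomain note above, as an added example that is not part of the original post: it reports which of four of the listed headers are absent from a response and tests whether a Content Security Policy source list covers a subdomain. The site example.com, the sample response, and the function names are constructed for illustration; source matching is simplified to host names only (no schemes, ports or paths).

```python
# Constructed sample response for a hypothetical site, not from a real scan.
SAMPLE = """\
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: default-src 'self'; img-src 'self' example.com; script-src 'self' *.example.com
"""

# Wire names of four of the headers listed in the post.
CHECKED = ("content-security-policy", "strict-transport-security",
           "x-frame-options", "x-content-type-options")

def parse_headers(raw):
    """Map lower-cased header names to values, skipping the status line."""
    headers = {}
    for line in raw.splitlines()[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers

def missing_headers(headers):
    return [name for name in CHECKED if name not in headers]

def parse_csp(value):
    """Split a CSP value into {directive: [sources]}; first occurrence wins."""
    policy = {}
    for directive in value.split(";"):
        parts = directive.split()
        if parts:
            policy.setdefault(parts[0].lower(), parts[1:])
    return policy

def host_allowed(policy, directive, host, site_host):
    """True if `host` matches a source in `directive` (or default-src as fallback)."""
    for src in policy.get(directive, policy.get("default-src", [])):
        if src == "'self'" and host == site_host:
            return True
        if src.startswith("*."):
            # *.example.com covers sub.example.com but not example.com itself.
            if host.endswith(src[1:]):
                return True
        elif src == host:
            return True
    return False

if __name__ == "__main__":
    hdrs = parse_headers(SAMPLE)
    csp = parse_csp(hdrs["content-security-policy"])
    print("missing:", missing_headers(hdrs))
    print("img from cdn.example.com:", host_allowed(csp, "img-src", "cdn.example.com", "example.com"))
```

In the sample policy, images from cdn.example.com are blocked because img-src names only the bare domain, while script-src uses the wildcard form that covers subdomains.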