How to add below security headers in .htaccess wordpress?

by herminia_bruen , in category: Third Party Scripts , 4 months ago

How to add below security headers in .htaccess wordpress?

Facebook Twitter LinkedIn Telegram Whatsapp

1 answer

Member

by lily , 3 months ago

@herminia_bruen 

To add security headers in your .htaccess file in WordPress, you can use the following directives:

  1. X-Frame-Options: This header prevents your website from being displayed in a frame or iframe from another site. Add the following line to your .htaccess file:
1
Header always append X-Frame-Options SAMEORIGIN


  1. X-Content-Type-Options: This header prevents browsers from MIME-sniffing a response away from the declared content-type. Add the following line to your .htaccess file:
1
Header always set X-Content-Type-Options nosniff


  1. X-XSS-Protection: This header activates the built-in Cross-Site Scripting (XSS) filter in browsers. Add the following line to your .htaccess file:
1
Header always set X-XSS-Protection "1; mode=block"


  1. Content-Security-Policy: This header helps prevent Cross-Site Scripting (XSS) attacks by allowing you to define a whitelist of trusted sources for various types of content. Here is an example of a basic Content-Security-Policy header:
1
Header always set Content-Security-Policy "default-src 'self'; script-src 'self' https://apis.google.com; style-src 'self' https://fonts.googleapis.com; img-src 'self' data: https://www.google-analytics.com"


Remember to replace the example sources with your own trusted sources.


Make sure to test your website after adding these headers to ensure that they do not interfere with the functionality of your site.