Security Header: X-XSS-Protection & co Missing
-
Hi
I still have the following error messages, in spite of trying to implement what I read on those pages:
Security Header: X-XSS-Protection Missing
We did not find the recommended security header for XSS Protection on your site.
https://kb.sucuri.net/warnings/hardening/headers-x-xss-protection
Security Header: X-Frame-Options
We did not find the recommended security header for ClickJacking Protection on your site.
https://kb.sucuri.net/warnings/hardening/headers-x-frame-clickjacking
Security Header: X-Content-Type nosniff
We did not find the recommended security header to prevent Content Type sniffing on your site.
https://kb.sucuri.net/warnings/hardening/headers-x-content-type.
I inserted the following code in the .htaccess file:
<ifModule mod_headers.c> Header set X-XSS-Protection "1; mode=block" Header always append X-Frame-Options SAMEORIGIN Header set X-Content-Type-Options: "nosniff” </ifModule>What more do I need to do? Exactly which code do I need to add & exactly where? I think I read something about the header file, but do not quite get what to add there. Please provide the code.
I would very much appreciate some help.
Regards
- The topic ‘Security Header: X-XSS-Protection & co Missing’ is closed to new replies.
