Security headers

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter jdelgadoesteban

    (@jdelgadoesteban)

    #Begin Really Simple Security
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</IfModule>

#End Really Simple Security

# Really Simple SSL

    Header always set Strict-Transport-Security: "max-age=31536000" env=HTTPS
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-XSS-Protection "1; mode=block"
    Header always set Expect-CT "enforce, max-age=7776000"
    Header always set Permissions-Policy: "no-referrer-when-downgrade"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    Header always set X-Frame-Options: "SAMEORIGIN"

#End Really Simple SSL

# BEGIN WordPress
# The directives (lines) between "BEGIN WordPress" and "END WordPress" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
    Plugin Support jarnovos

    (@jarnovos)

    Hi @jdelgadoesteban,

    You can use a tool such as SecurityHeaders.com to check which headers you’re still missing, and add those as well.

    But as the configuration of Security Headers through this plugin is part of the Pro version, please reach us at support(at)really-simple-ssl.com if you have any further questions about that.

    Kind regards, Jarno

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Security headers’ is closed to new replies.