HTTP security headers how to add

Leanna · August 28, 2019, 10:38pm

Comodo recently cleaned some malware for me but said I needed to do this to secure the site:
We found some vulnerability on your domain listed below, these may lead the attacker to enter your domain.

i) Missing HTTP security headers

X-Frame-Options-Protects against Clickjacking attacks Not set
X-XSS-Protection-Mitigates Cross-Site Scripting (XSS) attacks Not set
Strict-Transport-Security-Protects against man-in-the-middle attacks Not set
X-Content-Type-Options-Prevents possible phishing or XSS attacks Not set

How should I add these?

ruenel · August 29, 2019, 1:31am

Hello @Leanna,

Thanks for writing in!

It is best that you install 3rd party plugin so that you can easily manage the HTTP headers.
Perhaps this might help you:

https://wordpress.org/plugins/search/http+header/

Kindly let us know which one works best for you.

Leanna · August 29, 2019, 1:40pm

i installed Http Headers plugin and set the top four security items as directed, but still https://securityheaders.com scores me “F”

Prasant · August 29, 2019, 6:54pm

Hello Leanna,

Thanks for updating the thread.

Please take a look at the solution shared in following thread:

Thanks.

Leanna · August 30, 2019, 5:33am

The plugin recommended was no longer available but I tried another plugin called Security Headers and it worked!

lely · August 30, 2019, 6:01am

Glad this is now sorted out and thank you for updating us.

Cheers!

system · September 9, 2019, 6:01am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.