Skip to content

Instantly share code, notes, and snippets.

Last active Jul 20, 2020
What would you like to do?
Security Headers Fix to verify with
# Add the following to the WordPress installation's root .htaccess file
# Extra Security Headers
<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
Header always append X-Frame-Options SAMEORIGIN
Header set X-Content-Type-Options nosniff
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS
Header set Referrer-Policy "no-referrer-when-downgrade"
Header set Feature-Policy: vibrate 'self'; usermedia *; sync-xhr 'self'
Header set Expect-CT enforce,max-age=2592000,report-uri=""
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment