@dipakcg
Last active July 20, 2020 07:04
Security Headers Fix to verify with securityheaders.com
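# Add the following to the WordPress installation's root .htaccess file
# Extra Security Headers
<IfModule mod_headers.c>
# Legacy XSS filter in older browsers: block the page when an attack is detected
Header set X-XSS-Protection "1; mode=block"
# Allow framing only by pages from the same origin (clickjacking defence)
Header always append X-Frame-Options SAMEORIGIN
# Stop browsers from MIME-sniffing a response away from its declared Content-Type
Header set X-Content-Type-Options nosniff
# HSTS for one year; env=HTTPS sends it only when the HTTPS environment variable is set
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS
# Send the Referer header except when navigating from HTTPS to HTTP
Header set Referrer-Policy "no-referrer-when-downgrade"
# The value contains spaces, so it must be quoted to reach Apache as one argument
Header set Feature-Policy "vibrate 'self'; usermedia *; sync-xhr 'self' https://dipakgajjar.com"
# Enforce Certificate Transparency for 30 days and report failures to report-uri
Header set Expect-CT enforce,max-age=2592000,report-uri="https://dipakgajjar.com/report"
</IfModule>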
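
To check a deployment from a saved header dump as well as through securityheaders.com, the following added example (not part of the original gist) audits response headers against the values this .htaccess sets. The function names, the `CHECKS` table and the sample response are assumptions constructed for illustration.

```python
# Added example (not from the gist); names and SAMPLE are constructed.
def parse_headers(raw):
    """Parse a `curl -sI` style dump into {lowercase-name: [values]}."""
    headers = {}
    for line in raw.splitlines():
        if line.startswith("HTTP/") or ":" not in line:
            continue  # status line or blank line
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def hsts_max_age(value):
    """Return max-age in seconds from an HSTS value, or None if absent."""
    for part in value.split(";"):
        key, _, num = part.strip().partition("=")
        if key.lower() == "max-age" and num.strip('"').isdigit():
            return int(num.strip('"'))
    return None

CHECKS = {  # expected values mirror the gist's Header directives
    "x-xss-protection": lambda v: v.replace(" ", "") == "1;mode=block",
    "x-frame-options": lambda v: v.upper() == "SAMEORIGIN",
    "x-content-type-options": lambda v: v.lower() == "nosniff",
    "strict-transport-security": lambda v: (hsts_max_age(v) or 0) >= 31536000,
    "referrer-policy": lambda v: v.lower() == "no-referrer-when-downgrade",
    "feature-policy": lambda v: bool(v),
    "expect-ct": lambda v: "enforce" in v.lower() and "max-age=" in v.lower(),
}

def audit(raw):
    """Return {header: 'ok' | 'missing' | 'unexpected: <values>'}."""
    headers, report = parse_headers(raw), {}
    for name, check in CHECKS.items():
        values = headers.get(name, [])
        if not values:
            report[name] = "missing"
        elif len(values) == 1 and check(values[0]):
            report[name] = "ok"
        else:
            report[name] = "unexpected: " + " | ".join(values)
    return report

# Constructed plain-HTTP response: HSTS absent (env=HTTPS), X-Frame-Options comma-merged.
SAMPLE = """HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
"""
```

The comma-merged `X-Frame-Options` value in the sample is what `Header append` produces when the header already exists on the response, and `audit(SAMPLE)` reports it as unexpected alongside the headers that are missing.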