Hi,
I'm new to this and looking for help with Security headers:
Running a report on all of my sites I am met with these:
Missing Content-Security-Policy Header
Missing HSTS Header
Missing Secure Referrer-Policy Header
Missing X-Content-Type-Options Header
Missing X-Frame-Options Header
Does LiteSpeed cache have settings for this? I tried an alternative plug-in HTTP Headers, but that doesn't work with Lightspeed servers, which I'm on.
When entering this code into the php.functions file, and running the reports again the errors are still reported:
function set_custom_http_headers() {
header('Strict-Transport-Security: max-age=31536000; includeSubDomains');
header('Referrer-Policy: no-referrer-when-downgrade');
header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: SAMEORIGIN');
}
add_action('send_headers', 'set_custom_http_headers');
Plus, if i add this line: header('Content-Security-Policy: default-src \'self\';');
it 'breaks my website header.
Any help would be much appreciated please.
I'm new to this and looking for help with Security headers:
Running a report on all of my sites I am met with these:
Missing Content-Security-Policy Header
Missing HSTS Header
Missing Secure Referrer-Policy Header
Missing X-Content-Type-Options Header
Missing X-Frame-Options Header
Does LiteSpeed cache have settings for this? I tried an alternative plug-in HTTP Headers, but that doesn't work with Lightspeed servers, which I'm on.
When entering this code into the php.functions file, and running the reports again the errors are still reported:
function set_custom_http_headers() {
header('Strict-Transport-Security: max-age=31536000; includeSubDomains');
header('Referrer-Policy: no-referrer-when-downgrade');
header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: SAMEORIGIN');
}
add_action('send_headers', 'set_custom_http_headers');
Plus, if i add this line: header('Content-Security-Policy: default-src \'self\';');
it 'breaks my website header.
Any help would be much appreciated please.
