Add Security Headers to Your Website

By adding the required security headers to my .htaccess file, I just got an A on securityheaders.io (I do not currently have an SSL certificate for this site) and in this post I’m going to show you what to add in order to score an A+ from securityheaders.io!

securityhead1

 

securityhead2 securityhead3

 

Before we add any code, we must answer the obvious question…

What are HTTP Security Headers?

coming soon… lol

 

Adding the Security Headers

 

Open your FTP program; I use Transmit. In the root of your site or WordPress installation, you will see your .htaccess file. If you do not see that file you have to set your FTP program to show hidden/invisible files, which is most likely located in the view menu.

Edit your .htaccess file to add the security headers.
Use your FTP program of choice find your .htaccess file.

 

Right-click and open .htaccess and edit it in your favorite editor. I use Sublime Text with the Seti_UX and Seti_UI themes installed.

At the top of your .htaccess file add the following security headers in here:

It will look like this:

Security Headers in your .htaccess file
Use your preferred text editor to edit .htaccess and add the Security Headers you need.

Save the file and be sure to check your site by reloading it. All should be well. You should get an A+ on securityheaders.io as well.

I will do a Security Headers for SSL walkthrough once I bother with a certificate.

Thanks for reading. Leave questions, concerns and any tips in the comments!