By adding the required security headers to my .htaccess file, I just got an A on securityheaders.io (I do not currently have an SSL certificate for this site) and in this post I’m going to show you what to add in order to score an A+ from securityheaders.io!
Before we add any code, we must answer the obvious question…
What are HTTP Security Headers?
coming soon… lol
Adding the Security Headers
Open your FTP program; I use Transmit. In the root of your site or WordPress installation, you will see your .htaccess file. If you do not see that file, set your FTP program to show hidden/invisible files; the option is most likely in the View menu.
Right-click and open .htaccess and edit it in your favorite editor. I use Sublime Text with the Seti_UX and Seti_UI themes installed.
At the top of your .htaccess file, add the following security headers:
It will look like this:
Save the file and be sure to check your site by reloading it. All should be well. You should get an A+ on securityheaders.io as well.
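As an added example (not the author's original block), here is one .htaccess header set for a site served over plain HTTP, as this one is. The policy values are assumptions to adapt to your own site, and Strict-Transport-Security is left out because browsers ignore it when it arrives over HTTP.

```apache
# Added example: the header values below are assumptions, adjust them to your site.
# Requires mod_headers; the IfModule guard keeps Apache from returning a 500
# error on every request if the module is not loaded.
<IfModule mod_headers.c>
    # Forbid framing by other origins (clickjacking defence).
    Header always set X-Frame-Options "SAMEORIGIN"

    # Stop browsers from MIME-sniffing a response into a different content type.
    Header always set X-Content-Type-Options "nosniff"

    # Send only the origin, not the full URL, on cross-origin requests.
    Header always set Referrer-Policy "strict-origin-when-cross-origin"

    # Turn off browser features the site does not use.
    Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()"

    # Content Security Policy, report-only first: violations are logged in the
    # browser console but nothing is blocked. WordPress themes and plugins often
    # rely on inline scripts and third-party hosts, so enforcing a strict policy
    # without this trial step can break the site.
    Header always set Content-Security-Policy-Report-Only "default-src 'self'; img-src 'self' data:; object-src 'none'; base-uri 'self'"

    # Once the console shows no violations you care about, enforce the policy by
    # replacing the line above with the same value under the enforcing header:
    # Header always set Content-Security-Policy "default-src 'self'; img-src 'self' data:; object-src 'none'; base-uri 'self'"
</IfModule>
```

After saving, confirm the headers are actually being sent by inspecting a response in your browser's developer tools or with `curl -I`.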
I will do a Security Headers for SSL walkthrough once I bother with a certificate.
Thanks for reading. Leave questions, concerns and any tips in the comments!