Closed heldyboy closed 2 years ago
add_header Strict-Transport-Security max-age=10886400; add_header X-Xss-Protection "1; mode=block" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header Content-Security-Policy "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';";
These headers were added to the nginx.conf file and resulted in no change to the results on securityheaders.com
According to the link you shared above I found the way to add HSTS header
@heldyboy By following the instructions I have added the HSTS header.
https://digital.com/best-web-hosting/wordpress/security/