HTTP Security Headers for WordPress

I tried to improve security with HTTP response header.

We can test how well we are doing with Observatory.

I made my WordPress return response header like following.

strict-transport-security:max-age=31536000; includeSubDomains; preload
x-xss-protection:1; mode=block

I developed a WordPress plugin to output those headers.

The test score of this site becomes “B” for now.

Related Links


Leave a Reply

Your email address will not be published. Required fields are marked *