HTTP Security Headers for WordPress

18. February 2017 Note strict-transport-security, x-content-type-options, x-frame-options, x-xss-protection

I tried to improve security with HTTP response header.

We can test how well we are doing with Observatory.

https://observatory.mozilla.org/

I made my WordPress return response header like following.

strict-transport-security:max-age=31536000; includeSubDomains; preload
x-content-type-options:nosniff
x-frame-options:DENY
x-xss-protection:1; mode=block

I developed a WordPress plugin to output those headers.

https://github.com/miya0001/secure-headers

The test score of this site becomes “B” for now.

https://observatory.mozilla.org/analyze.html?host=miya.io&third-party=false

M	T	W	T	F	S	S
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28

HTTP Security Headers for WordPress

Related Links

Leave a Reply Cancel reply