HTTP security headers are a relatively easy way to defend your website against a variety of client-side attacks.
All Strattic sites include HSTS preload eligibility support.
Strattic Enterprise customers can also use the following headers:
- Content-Security-Policy
- X-Frame-Options
- X-Content-Type-Options
- X-XSS-Protection
- Access-Control-Allow-Origin
There are two ways to add security headers on Strattic:
- Manually insert these headers into your .htaccess file via SFTP
- Use the HTTP Headers WordPress plugin
Once this is set up, please contact support via the Strattic Live chat to enable this feature for your Preview and Live environments.
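Once support has enabled the feature, it is worth confirming that each environment actually serves the headers. The script below is an added example, not Strattic's own code: it audits a response's headers for the five headers listed above and checks the HSTS value against the preload list requirements published at hstspreload.org. The function names and the sample responses are constructed for illustration.

```python
import re
# Header names this page lists for Strattic Enterprise sites.
LISTED = ["Content-Security-Policy", "X-Frame-Options", "X-Content-Type-Options",
          "X-XSS-Protection", "Access-Control-Allow-Origin"]

def parse_headers(raw):
    """Map lower-cased header names to values; lines without ':' are skipped."""
    pairs = (line.partition(":") for line in raw.strip().splitlines())
    return {n.strip().lower(): v.strip() for n, sep, v in pairs if sep}

def hsts_preload_eligible(value):
    """Preload list rules: max-age >= 31536000, includeSubDomains, preload."""
    parts = [p.strip().lower() for p in value.split(";") if p.strip()]
    ages = [int(m.group(1)) for p in parts if (m := re.fullmatch(r"max-age=(\d+)", p))]
    return bool(ages) and ages[0] >= 31536000 and {"includesubdomains", "preload"} <= set(parts)

def audit(raw):
    """Return a list of findings; an empty list means every check passed."""
    h = parse_headers(raw)
    findings = [f"missing {name}" for name in LISTED if name.lower() not in h]
    if not hsts_preload_eligible(h.get("strict-transport-security", "")):
        findings.append("Strict-Transport-Security is not preload-eligible")
    if h.get("x-content-type-options", "nosniff").lower() != "nosniff":
        findings.append("X-Content-Type-Options should be nosniff")
    if h.get("x-frame-options", "DENY").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options should be DENY or SAMEORIGIN")
    if h.get("access-control-allow-origin") == "*":
        findings.append("Access-Control-Allow-Origin allows any origin")
    return findings

# Constructed sample responses (not captured from a real site).
GOOD = """HTTP/2 200
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: default-src 'self'
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 0
access-control-allow-origin: https://example.com
"""
WEAK = """HTTP/2 200
strict-transport-security: max-age=86400
x-frame-options: ALLOWALL
x-content-type-options: sniff
access-control-allow-origin: *
"""

if __name__ == "__main__":
    for label, raw in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(label, audit(raw))
```

To audit a real site, pass the output of `curl -sI` for your Preview and Live URLs to `audit()`; the status line is ignored because it contains no colon.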