HTTP security headers are a relatively easy way to defend your website against a variety of client-side attacks.
All Strattic sites include HSTS preload eligibility support.
Strattic Enterprise customers can also use the following headers:
- Content-Security-Policy
- X-Frame-Options
- X-Content-Type-Options
- X-XSS-Protection
- Access-Control-Allow-Origin
There are two ways to add security headers on Strattic:
- Manually insert these headers into your .htaccess file via SFTP
- Use the HTTP Headers WordPress plugin
Once this is set up, please contact support via the Strattic Live chat to enable this feature for your Preview and Live environments.
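
A sketch of the manual .htaccess method, added here as an example and not taken from Strattic's own configuration: it sets the five headers listed above using Apache's mod_headers. The policy values and the origin https://app.example.com are assumptions; adapt them to your site.

```apache
# Added example: values below are assumptions, not Strattic defaults.
<IfModule mod_headers.c>
    # Restrict where scripts, styles, images and other resources may load from.
    # Assumption: the site serves all of its assets from its own origin.
    # Add each CDN, font or analytics host you rely on to the matching directive,
    # otherwise the browser will block it.
    Header always set Content-Security-Policy "default-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'self'"

    # Clickjacking defence for browsers that do not honour the CSP
    # frame-ancestors directive. Keep it consistent with frame-ancestors above.
    Header always set X-Frame-Options "SAMEORIGIN"

    # Stop browsers from MIME-sniffing a response into a different content type
    # than the one declared (for example treating an upload as script).
    Header always set X-Content-Type-Options "nosniff"

    # 0 turns off the legacy browser XSS filter, which is the value OWASP
    # recommends; the Content-Security-Policy above is the real XSS control.
    Header always set X-XSS-Protection "0"

    # Allow cross-origin reads from one named origin only.
    # Assumption: https://app.example.com is a placeholder for the single
    # origin that needs to fetch this site's resources. Omit the header
    # entirely if no other origin needs access.
    Header always set Access-Control-Allow-Origin "https://app.example.com"
</IfModule>
```

After support enables the feature, request a page from both the Preview and Live environments and confirm each header appears in the response before relying on it.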