HTTP security headers are a relatively easy way to defend your website against a variety of client-side attacks.

All Strattic sites include HSTS preload eligibility support.

Strattic Enterprise customers can also use the following headers:

  • Content-Security-Policy

  • X-Frame-Options

  • X-Content-Type-Options

  • X-XSS-Protection

  • Access-Control-Allow-Origin

There are two ways to add security headers on Strattic:

  1. Manually insert these headers into your .htaccess file via SFTP

  2. Use the HTTP Headers WordPress plugin

Once this is set up, please contact support via the Strattic Live chat to enable this feature for your Preview and Live environments.
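For the first option, the block below is an added example (not Strattic's own configuration) of setting the five Enterprise headers in .htaccess. It assumes standard Apache mod_headers syntax is honored; every value is illustrative, and https://app.example.com is a placeholder origin.

```apache
# Added example. Assumption: standard Apache mod_headers syntax in .htaccess.
# All values are illustrative; adjust them to what your site actually loads.
<IfModule mod_headers.c>
    # Content-Security-Policy: restrict where scripts, styles, images and
    # frames may come from. Inline scripts and third-party embeds will be
    # blocked by this policy, so trial it first under the header name
    # Content-Security-Policy-Report-Only and widen it as needed.
    Header always set Content-Security-Policy "default-src 'self'; img-src 'self' data:; object-src 'none'; base-uri 'self'; frame-ancestors 'self'"

    # X-Frame-Options: clickjacking defense for browsers that do not
    # honor the CSP frame-ancestors directive.
    Header always set X-Frame-Options "SAMEORIGIN"

    # X-Content-Type-Options: stop browsers from MIME-sniffing a response
    # into a different type than its declared Content-Type.
    Header always set X-Content-Type-Options "nosniff"

    # X-XSS-Protection: Chrome and Edge have removed the XSS auditor this
    # header controls, and Firefox never had one. "0" switches it off in
    # older browsers that still have it; rely on the CSP above instead.
    Header always set X-XSS-Protection "0"

    # Access-Control-Allow-Origin: name the single origin that may read
    # responses cross-origin (placeholder below).
    # Weak setting, only appropriate for content that is fully public:
    #   Header always set Access-Control-Allow-Origin "*"
    Header always set Access-Control-Allow-Origin "https://app.example.com"
</IfModule>
```

After support enables the feature, the response headers on both Preview and Live can be inspected in the browser developer tools Network tab.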
