HTTP security headers are a relatively easy way to defend your website against a variety of client-side attacks.

All Strattic sites include HSTS preload eligibility support.

Strattic Enterprise customers can also use the following headers:

  • Content-Security-Policy

  • X-Frame-Options

  • X-Content-Type-Options

  • X-XSS-Protection

  • Access-Control-Allow-Origin

There are two ways to add security headers on Strattic:

  1. Manually insert these headers into your .htaccess file via SFTP

  2. Use the HTTP Headers WordPress plugin

Once this is set up, please contact support via the Strattic Live chat to enable this feature for your Preview and Live environments.



Strattic is an end-to-end managed WordPress static publishing and hosting platform. Try it free for 14 days, no credit card required.

Did this answer your question?