This article explains how to add Security Headers in Apache. Security headers can be added directly to the .htaccess file of your site. The .htaccess file is typically located in the webroot of your site. A common location in Servebolt would be in the /public/ directory. You can access the .htaccess file by logging into your site using either SFTP or SSH. Editing the .htaccess file should be done by a more technical person, because adding a rule incorrectly may result in a 500 Internal Server Error. Adding the wrong Security Header to your site may also lead to some functionality not working as expected.
Adding Security Headers:
Security Headers can be added to your .htaccess file. The .htaccess file is parsed from top to bottom, so it is important that you keep that in mind when adding Security Headers.
Example:
The Security Headers added below are only an example of how they can look in your .htaccess file. Use them wisely and only add Security Headers to your site if you know what they do.
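# Security Headers
<IfModule mod_headers.c>
# Ask the browser to load http:// subresources over https:// instead
Header set Content-Security-Policy "upgrade-insecure-requests"
# HTTPS only for one year (31536000 seconds), including all subdomains
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains"
# Legacy XSS filter switch; current browsers ignore this header
Header set X-Xss-Protection "1; mode=block"
# Allow framing of the site only by pages from the same origin
Header set X-Frame-Options "SAMEORIGIN"
# Disable MIME type sniffing
Header set X-Content-Type-Options "nosniff"
# Send only the origin as referrer on cross-origin requests
Header set Referrer-Policy "strict-origin-when-cross-origin"
# Allow the geolocation feature only for the site's own origin
Header set Permissions-Policy "geolocation=self"
</IfModule>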
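
Because the file is read from top to bottom, a later Header line for the same name changes what an earlier one set. The following Python sketch is an added example, not part of the original article or Servebolt's tooling: it replays the set, append and unset actions of a constructed sample .htaccess in file order (a simplified model of mod_headers; the function name effective_headers and the sample rules are assumptions) and reports which values end up in effect.

```python
import shlex

# Constructed sample: part of the article's block plus later rules that override it.
SAMPLE_HTACCESS = '''\
# Security Headers
<IfModule mod_headers.c>
Header set X-Frame-Options "SAMEORIGIN"
Header set X-Content-Type-Options "nosniff"
Header set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>
Header set X-Frame-Options "DENY"
Header unset Referrer-Policy
'''

def effective_headers(text):
    """Apply set/append/unset in file order; return (headers, warnings)."""
    headers = {}    # (condition, lowercased header name) -> value
    warnings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "<")):
            continue  # blank lines, comments, <IfModule> wrappers
        parts = shlex.split(line)
        if parts[0].lower() != "header":
            continue
        args = parts[1:]
        # "always" and "onsuccess" (the default) are separate header tables
        cond = "onsuccess"
        if args and args[0].lower() in ("always", "onsuccess"):
            cond = args.pop(0).lower()
        if len(args) < 2:
            continue
        action, name = args[0].lower(), args[1]
        key = (cond, name.lower())
        value = args[2] if len(args) > 2 else None
        if action == "set" and value is not None:
            if key in headers and headers[key] != value:
                warnings.append(f"line {lineno}: {name} replaces earlier value {headers[key]!r}")
            headers[key] = value
        elif action == "append" and value is not None:
            headers[key] = f"{headers[key]}, {value}" if key in headers else value
        elif action == "unset":
            if headers.pop(key, None) is not None:
                warnings.append(f"line {lineno}: {name} set earlier is removed")
    return headers, warnings

if __name__ == "__main__":
    final, notes = effective_headers(SAMPLE_HTACCESS)
    print(final, *notes, sep="\n")
```

Run against the sample, the result keeps X-Content-Type-Options, reports X-Frame-Options as replaced by "DENY" on line 7, and reports Referrer-Policy as removed on line 8.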