Sign Up

Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.

Sign In

Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.

Forgot Password

Lost your password? Please enter your email address. You will receive a link and will create a new password via email.

You must login to ask a question.

Please briefly explain why you feel this question should be reported.

Please briefly explain why you feel this answer should be reported.

Please briefly explain why you feel this user should be reported.

WebPro Care Latest Articles

How to add Security Headers to your site

This article will explain how you can add Security Headers in Apache. Security headers can be added directly to the .htaccess file of your site. The .htaccess file is typically located in the webroot of your site. A common location in Servebolt would be in the /public/ directory. You can access the .htaccess file by logging into your site using either SFTP or SSH. Editing the .htaccess file should be done by a more technical person, adding a rule wrongly may result in a 500 Internal Server Error. Adding the wrong Security Header to your site may also lead to some functionality not working as expected.

Adding Security Headers:

Security Headers can be added to your .htaccess file. The .htaccess file is parsed from top to bottom, so it is important that you keep that in mind when adding Security Headers.


The Security Headers added below are only an example of how it can look it on your .htaccess file. Use wisely and only add Security Headers to your site if you know what they do.

# Security Headers
<IfModule mod_headers.c>
Header set Content-Security-Policy "upgrade-insecure-requests"
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Header set X-Xss-Protection "1; mode=block"
Header set X-Frame-Options "SAMEORIGIN"
Header set X-Content-Type-Options "nosniff"
Header set Referrer-Policy "strict-origin-when-cross-origin"
Header set Permissions-Policy "geolocation=self"

Leave a comment