Your website is missing security headers!
Are you running website security checks and being told that you are missing secure headers or security headers? (Free check here)
Security headers prevent hackers and bots attacking your website and causing mayhem. Some of the ways they can do this is through code injection, click-jacking, cross-site scripting and so on. Either way they all need to be squashed and the security headers is the way to do this.
Below we have gathered up the most common ones for you to take and use as you wish. Specifically for us in the .htaccess file on your server. If you’d like more detail on the various attributes and definitions then check out Really Simple SSL. We recommend reading up on which ones do what so that you can make any changes you want. However the below will give you some basic protection.
To be copied and pasted into your .htaccess file, your server configuration may require you to ‘show hidden files’ before you can see this file. What you copy and paste into your .htaccess is your responsibility.