An Overview of Best Practices for Security Headers

oktadev-blog · October 15, 2021, 2:55pm

Security headers instruct browsers how to behave and prevent them from executing vulnerabilities that would endanger your users. Learn how to use them in this tutorial.

oktadev-blog · October 21, 2021, 7:30pm

Kiane

Hello Vickie, are those security headers a good option for wordpress network with one site in subdirectory? # Security headers
<ifmodule mod_headers.c="">
Header set Strict-Transport-Security “max-age=31536000” env=HTTPS
Header set X-XSS-Protection "1; mode=block"
Header set X-Content-Type-Options nosniff
Header set X-Frame-Options SAMEORIGIN
Header always set Referrer-Policy “no-referrer-when-downgrade”
</ifmodule>
# END of Security headers

vickeli · October 27, 2021, 7:58pm

Heya, thanks for the comment Kiane!
These security header best practices would increase the security of most websites, including the set up you mentioned!

Post		Replies	Views
Changing Content Security Policies for hosted Signing Page Questions	1	4549	January 17, 2024
Importance of User-Agent and X-Forwarded-For headers in trusted application authentication API api	3	6859	February 7, 2024
The Content Security Policy Error Questions	2	2708	February 13, 2024
Response header shows http and not https, login fails Questions	2	766	May 11, 2024
Okta Refused to connect to 'https://xxxx.okta.com/oauth2/default/.well-known/openid-configuration' Questions	17	5146	March 30, 2022

An Overview of Best Practices for Security Headers

Related topics