Title: Security Headers Last modified: July 26, 2023 --- # Security Headers * Resolved [aatrad](https://wordpress.org/support/users/aatrad/) * (@aatrad) * [2 years, 10 months ago](https://wordpress.org/support/topic/security-headers-14/) * Regarding WordPress, there is one item that needs improvement to enhance its security, as indicated by the following message: * “**Recommended security headers are not all installed. Your website does not send all recommended security headers.** Upgrade Insecure Requests, X-XSS-Protection, X-Content-Type-Options, Referrer-Policy, X-Frame-Options, Permissions-Policy.” * I have the Really Simple SSL Pro version, and according to the plugin, my site has an A+ status. * What can be done to address this security message? Do I need to enter a code in the .htaccess file? I also tried deactivating all extensions except for Really Simple SSL to check if there is any conflict between plugins, but the message still appears. * Thank you in advance. Viewing 2 replies - 1 through 2 (of 2 total) * Thread Starter [aatrad](https://wordpress.org/support/users/aatrad/) * (@aatrad) * [2 years, 10 months ago](https://wordpress.org/support/topic/security-headers-14/#post-16924358) * I have performed another scan with Really Simple SSL, and the plugin indicates that the recommended security headers are not installed. However, I have configured these headers manually using the “HTTP Headers” plugin since my last message. Despite this, Really Simple SSL and WordPress do not recognize the headers that I have set using the other plugin. * Plugin Support [Jarno Vos](https://wordpress.org/support/users/jarnovos/) * (@jarnovos) * [2 years, 10 months ago](https://wordpress.org/support/topic/security-headers-14/#post-16924413) * Hi [@aatrad](https://wordpress.org/support/users/aatrad/), * We would be happy to help with any questions you might have about the _Pro _plugin and it´s features, but please know that we are solely allowed to discuss the _Free _plugin on these forums. If we can assist with the configuration of the _Pro _plugin, please send us a message via **support(at)really-simple-ssl.com** and we would be happy to help. * But just as a bit of clarification in the meantime: * If you’ve enabled all of those headers in the Really Simple SSL Pro plugin, you won’t require the use of an additional plugin that sets them as well. * If a scan tool such as SecurityHeaders.com detects all of the headers as listed in the Site Health notice, you should be good to go; as the Site Health notice is probably still ‘cached’ and should disappear after some time has passed. * Kind regards, Jarno Viewing 2 replies - 1 through 2 (of 2 total) The topic ‘Security Headers’ is closed to new replies. * ![](https://ps.w.org/really-simple-ssl/assets/icon-256x256.png?rev=2839720) * [Really Simple Security - Simple and Performant Security (formerly Really Simple SSL)](https://wordpress.org/plugins/really-simple-ssl/) * [Frequently Asked Questions](https://wordpress.org/plugins/really-simple-ssl/#faq) * [Support Threads](https://wordpress.org/support/plugin/really-simple-ssl/) * [Active Topics](https://wordpress.org/support/plugin/really-simple-ssl/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/really-simple-ssl/unresolved/) * [Reviews](https://wordpress.org/support/plugin/really-simple-ssl/reviews/) * 2 replies * 2 participants * Last reply from: [Jarno Vos](https://wordpress.org/support/users/jarnovos/) * Last activity: [2 years, 10 months ago](https://wordpress.org/support/topic/security-headers-14/#post-16924413) * Status: resolved