Title: Security headers Last modified: March 12, 2024 --- # Security headers * Resolved [jdelgadoesteban](https://wordpress.org/support/users/jdelgadoesteban/) * (@jdelgadoesteban) * [2 years, 2 months ago](https://wordpress.org/support/topic/security-headers-15/) * I have follow the instructions here: * [https://really-simple-ssl.com/site-health-recommended-security-headers/](https://really-simple-ssl.com/site-health-recommended-security-headers/) * However, I am still getting the missing security headers issue. * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fsecurity-headers-15%2F%3Foutput_format%3Dmd&locale=en_US) to see the link]_ Viewing 2 replies - 1 through 2 (of 2 total) * Thread Starter [jdelgadoesteban](https://wordpress.org/support/users/jdelgadoesteban/) * (@jdelgadoesteban) * [2 years, 2 months ago](https://wordpress.org/support/topic/security-headers-15/#post-17492230) * ```wp-block-code #Begin Really Simple Security RewriteEngine on RewriteCond %{HTTPS} !=on [NC] RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/ RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L] #End Really Simple Security # Really Simple SSL Header always set Strict-Transport-Security: "max-age=31536000" env=HTTPS Header always set X-Content-Type-Options "nosniff" Header always set X-XSS-Protection "1; mode=block" Header always set Expect-CT "enforce, max-age=7776000" Header always set Permissions-Policy: "no-referrer-when-downgrade" Header always set Referrer-Policy "strict-origin-when-cross-origin" Header always set X-Frame-Options: "SAMEORIGIN" #End Really Simple SSL # BEGIN WordPress # The directives (lines) between "BEGIN WordPress" and "END WordPress" are # dynamically generated, and should only be modified via WordPress filters. # Any changes to the directives between these markers will be overwritten. RewriteEngine On RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] # END WordPress ``` * Plugin Support [Jarno Vos](https://wordpress.org/support/users/jarnovos/) * (@jarnovos) * [2 years, 2 months ago](https://wordpress.org/support/topic/security-headers-15/#post-17496038) * Hi [@jdelgadoesteban](https://wordpress.org/support/users/jdelgadoesteban/), * You can use a tool such as SecurityHeaders.com to check which headers you’re still missing, and add those as well. * But as the configuration of Security Headers through this plugin is part of the Pro version, please reach us at **support(at)really-simple-ssl.com** if you have any further questions about that. * Kind regards, Jarno Viewing 2 replies - 1 through 2 (of 2 total) The topic ‘Security headers’ is closed to new replies. * ![](https://ps.w.org/really-simple-ssl/assets/icon-256x256.png?rev=2839720) * [Really Simple Security - Simple and Performant Security (formerly Really Simple SSL)](https://wordpress.org/plugins/really-simple-ssl/) * [Frequently Asked Questions](https://wordpress.org/plugins/really-simple-ssl/#faq) * [Support Threads](https://wordpress.org/support/plugin/really-simple-ssl/) * [Active Topics](https://wordpress.org/support/plugin/really-simple-ssl/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/really-simple-ssl/unresolved/) * [Reviews](https://wordpress.org/support/plugin/really-simple-ssl/reviews/) * 2 replies * 2 participants * Last reply from: [Jarno Vos](https://wordpress.org/support/users/jarnovos/) * Last activity: [2 years, 2 months ago](https://wordpress.org/support/topic/security-headers-15/#post-17496038) * Status: resolved