It says on my Wordpress dashboard that my SSL protection is 71% and that I still need to work on several things to get my security boosted. I have tried to fix some of them (like verifying ownership on Google Analytics and Google Search Console) but it still stays on 71%. Does anyone know how I can fix this? Also, I have to add some security headers apparently, which is what I have been trying to do for the past couple of hours. I have had many attempts at adding the headers in my .htaccess file in different variations but to no avail. Then I opted for the easiest solution which is to install and configure the Redirection plugin, but that didn’t work either. I checked on securityheaders.com many times after clearing browser cache and the Litespeed Cache of my server but according to securityheaders.com there were still no headers on my website. I know there’s a toggle option in my cPanel dashboard (I use Cloudflare) to enable HSTS but I also want to add the other security headers. Is there anyone that knows what I could be doing wrong and how I can add the security headers successfully?
Hi, thank you for your prompt comment. I am trying to insert the exact values as the ones you wrote in your picture. Could you send me the value that you put for content security policy please? I can’t read what is past 'unsafe.
Hi, I am not very savvy with this but I just used this: upgrade-insecure-requests. I found it on some website where someone was recommending it. After I deployed the rules I checked again with securityheaders and the headers had been added successfully. Thank you!
It is not a plugin, I’ve got free SSL from my hosting provider and from Cloudflare, it is Cloudflare’s SSL that I activated. But I can see it in my Wordpress dashboard for some reason.
It’s quite possible it’s testing a local connection and not through the Cloudflare Proxy. securityheaders.com should be able to confirm if these headers are there or not.
Oh, my apologies. I didn’t know it was a plugin. According to securityheaders the headers are there on my website so perhaps the plugin isn’t registering it. Thank you for your help!
