It says on my Wordpress dashboard that my SSL protection is 71% and that I still need to work on several things to get my security boosted. I have tried to fix some of them (like verifying ownership on Google Analytics and Google Search Console) but it still stays on 71%. Does anyone know how I can fix this? Also, I have to add some security headers apparently, which is what I have been trying to do for the past couple of hours. I have had many attempts at adding the headers in my .htaccess file in different variations but to no avail. Then I opted for the easiest solution which is to install and configure the Redirection plugin, but that didn’t work either. I checked on securityheaders.com many times after clearing browser cache and the Litespeed Cache of my server but according to securityheaders.com there were still no headers on my website. I know there’s a toggle option in my cPanel dashboard (I use Cloudflare) to enable HSTS but I also want to add the other security headers. Is there anyone that knows what I could be doing wrong and how I can add the security headers successfully?
Hi, thank you for your prompt comment. I am trying to insert the exact values as the ones you wrote in your picture. Could you send me the value that you put for content security policy please? I can’t read what is past 'unsafe.
Hi, I am not very savvy with this but I just used this: upgrade-insecure-requests. I found it on some website where someone was recommending it. After I deployed the rules I checked again with securityheaders and the headers had been added successfully. Thank you!