.htaccess file

Hello everyone I am getting this message when I check my site health in all my wordpress sites with cloudflare.
Your .htaccess file does not contain all recommended security headers.
• HTTP Strict Transport Security
• Content Security Policy: Upgrade Insecure Requests
• X-XSS protection
• X-Content Type Options
• Referrer-Policy
• Expect-CT
the rest of my site health is perfect,
Does anyone know if this is a problem with Cloudflare or with my hosting provider,
Thanks in advance and Stay Safe, Victor

Hi @victorinspain,

These headers are usually set at your host, and that is where the .htaccess they mentioned is. You can add them using a Cloudflare Worker, but it’s generally easier to just do it on your server.

Thanks Domjh for your speedy reply I will contact my hosting company tomorrow and see if they will do it.
Thank you and stay safe. Cheers Victor

This topic was automatically closed after 30 days. New replies are no longer allowed.