.htaccess file

victorinspain · December 9, 2020, 6:49pm

Hello everyone I am getting this message when I check my site health in all my wordpress sites with cloudflare.
Your .htaccess file does not contain all recommended security headers.
• HTTP Strict Transport Security
• Content Security Policy: Upgrade Insecure Requests
• X-XSS protection
• X-Content Type Options
• Referrer-Policy
• Expect-CT
the rest of my site health is perfect,
Does anyone know if this is a problem with Cloudflare or with my hosting provider,
Thanks in advance and Stay Safe, Victor

domjh · December 9, 2020, 7:23pm

Hi @victorinspain,

These headers are usually set at your host, and that is where the .htaccess they mentioned is. You can add them using a Cloudflare Worker, but it’s generally easier to just do it on your server.

victorinspain · December 9, 2020, 7:53pm

Thanks Domjh for your speedy reply I will contact my hosting company tomorrow and see if they will do it.
Thank you and stay safe. Cheers Victor

system · January 8, 2021, 6:49pm

This topic was automatically closed after 30 days. New replies are no longer allowed.

Topic		Replies	Views
Not all recommended security headers are installed Getting Started	3	3760	December 10, 2020
Wordpress .htaccess modification no effect Website, Application, Performance	5	3348	July 25, 2021
Htaccess file Security headers are gonne after activating Cloudflare Security	2	1584	September 23, 2022
Security policy for static site on cloudflare pages? Security	14	3171	May 5, 2022
Mod Security Header in htAccess not respected by Cloudflare Security	3	2644	September 6, 2021

.htaccess file

Related topics