{"id":4827,"date":"2018-08-13T18:25:37","date_gmt":"2018-08-13T12:55:37","guid":{"rendered":"https:\/\/phpyouth.com\/blog\/?p=4827"},"modified":"2025-10-10T18:30:57","modified_gmt":"2025-10-10T13:00:57","slug":"enable-http-security-headers","status":"publish","type":"post","link":"https:\/\/phpyouth.com\/blog\/enable-http-security-headers\/","title":{"rendered":"Enable HTTP Security Headers"},"content":{"rendered":"<p>Hello, friends, today we will learn about <strong>HTTP Security Headers<\/strong>. There are a lot of things to consider while securing our website or web applications. <strong>HTTP Security Header<\/strong> is one of the best options. Implementing <strong>HTTP Security Headers<\/strong> is very easy on the server.<\/p>\n<p><strong>HTTP Security Header<\/strong> provides another level of security by minimizing attacks and security vulnerabilities. So, today we will explore vital securities and try to understand what they are and how to implement.<\/p>\n<h3>What are HTTP Security Headers?<\/h3>\n<p>When users visit a website on a browser(Google Chrome, Microsoft Edge, etc), they request a page from the web server. Then the web server responds to the browser request with content along with <strong>HTTP Security Headers,<\/strong> which contain Metadata. These Headers tell browsers how to behave while handling website content coming from the server. We can use these Security Headers to outline communication and improve web security. Let&#8217;s take a look at the three vital Security Headers that protect our websites.<\/p>\n<ul style=\"list-style-type: square; color: #f18120; line-height: 30px;\">\n<li>X-XSS-Protection<\/li>\n<li>X-Frame-Options<\/li>\n<li>X-Content-Type: nosniff<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h3>1. Security Headers: X-XSS-Protection<\/h3>\n<p>Security Headers <strong>X-XSS-Protection<\/strong> stands for <strong>Cross-Site Scripting Protection,<\/strong> and it is designed to improve the security of our websites against <strong>XSS (cross-site scripting) attacks<\/strong>. You can enable it by modifying your Apache settings or <em>.htaccess<\/em> file by adding the following line to it:<\/p>\n<pre class=\"brush: php; title: ; notranslate\" title=\"\">\n&lt;IfModule mod_headers.c&gt;\n  Header set X-XSS-Protection &quot;1; mode=block&quot;\n&lt;\/IfModule&gt;\n<\/pre>\n<p>&nbsp;<\/p>\n<h3>2. Security Headers: X-Frame-Options<\/h3>\n<p>Security Headers <strong>X-Frame-Options<\/strong> is designed to improve the security of our websites against <strong>ClickJacking <\/strong>attacks. It is supported by all browsers and prevents an attacker from iframing the content of your site into others. You can enable it by modifying your Apache settings or <em>.htaccess<\/em> file:<\/p>\n<pre class=\"brush: php; title: ; notranslate\" title=\"\">\n&lt;IfModule mod_headers.c&gt;\n  Header always append X-Frame-Options SAMEORIGIN\n&lt;\/IfModule&gt;\n<\/pre>\n<p>&nbsp;<\/p>\n<h3>3. Security Headers: X-Content-Type: nosniff<\/h3>\n<p>Security Headers <strong>X-Content-Type: nosniff<\/strong> is designed to improve the security of our websites(and website users) and helps to reduce the danger of drive-by downloads, and helps treat the content inthe\u00a0 right way. You can enable it by modifying your Apache settings or <em>.htaccess<\/em> file:<\/p>\n<pre class=\"brush: php; title: ; notranslate\" title=\"\">\n&lt;IfModule mod_headers.c&gt;\n  Header set X-Content-Type-Options nosniff\n&lt;\/IfModule&gt;\n<\/pre>\n<blockquote><p>By implementing these security headers we can protect our website from suspicious attacks<\/p><\/blockquote>\n<p><a href=\"https:\/\/www.hostg.xyz\/aff_c?offer_id=6&amp;aff_id=115521&amp;url_id=35&amp;file_id=1399\" target=\"_blank\" rel=\"noopener\"><img data-recalc-dims=\"1\" fetchpriority=\"high\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/media.go2speed.org\/brand\/files\/hostinger\/6\/EN-970x250.jpg?resize=970%2C250&#038;ssl=1\" width=\"970\" height=\"250\" border=\"0\" alt=\"\"><\/a><img decoding=\"async\" style=\"position: absolute; visibility: hidden;\" src=\"https:\/\/www.hostg.xyz\/aff_i?offer_id=6&amp;file_id=1399&amp;aff_id=115521&amp;url_id=35\" width=\"0\" height=\"0\" border=\"0\" alt=\"\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hello, friends, today we will learn about HTTP Security Headers. There are a lot of things to consider while securing our website or web applications. HTTP Security Header is one of the best options. Implementing HTTP Security Headers is very easy on the server. HTTP Security Header provides another level of security by minimizing attacks [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":4837,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"site-sidebar-layout":"default","site-content-layout":"default","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[153,156,4],"tags":[157,160,159,158],"class_list":["post-4827","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-maintenance","category-security","category-wordpress","tag-security-headers","tag-x-content-type-nosniff","tag-x-frame-options","tag-x-xss-protection"],"acf":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/phpyouth.com\/blog\/wp-content\/uploads\/2018\/08\/http-security-header.png?fit=560%2C315&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p8zepR-1fR","jetpack_likes_enabled":true,"jetpack-related-posts":[{"id":4443,"url":"https:\/\/phpyouth.com\/blog\/4-vital-monthly-wordpress-maintenance-tasks\/","url_meta":{"origin":4827,"position":0},"title":"4 Vital Monthly WordPress Maintenance Tasks","author":"RK Jajoria","date":"July 16, 2018","format":false,"excerpt":"Hello Friends, today we will learn about 4 Vital Monthly WordPress Maintenance tasks which we need to do regularly. But first, we need to understand why WordPress maintenance is important. We think that once our\u00a0 WordPress website is completed and live, our work is over, but that's not true. If\u2026","rel":"","context":"In &quot;Maintenance&quot;","block_context":{"text":"Maintenance","link":"https:\/\/phpyouth.com\/blog\/category\/wordpress\/maintenance\/"},"img":{"alt_text":"wordpress maintenance","src":"https:\/\/i0.wp.com\/phpyouth.com\/blog\/wp-content\/uploads\/2018\/07\/wordpress-maintenance.png?fit=560%2C315&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/phpyouth.com\/blog\/wp-content\/uploads\/2018\/07\/wordpress-maintenance.png?fit=560%2C315&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/phpyouth.com\/blog\/wp-content\/uploads\/2018\/07\/wordpress-maintenance.png?fit=560%2C315&ssl=1&resize=525%2C300 1.5x"},"classes":[]},{"id":12426,"url":"https:\/\/phpyouth.com\/blog\/best-hosting-for-business-websites\/","url_meta":{"origin":4827,"position":1},"title":"Best Hosting for Business Websites 2026 \u2013 Honest Comparison","author":"RK Jajoria","date":"April 27, 2026","format":false,"excerpt":"Introduction Choosing the best hosting for business websites in 2026 is one of the most critical decisions you'll make for your online success. Your hosting provider directly impacts website speed, uptime, security, search engine rankings, and the overall experience your customers have. It is far more than just a technical\u2026","rel":"","context":"In &quot;Web Hosting&quot;","block_context":{"text":"Web Hosting","link":"https:\/\/phpyouth.com\/blog\/category\/web-hosting\/"},"img":{"alt_text":"Hostinger Best Hosting for Business Websites in 2026","src":"https:\/\/i0.wp.com\/phpyouth.com\/blog\/wp-content\/uploads\/2026\/04\/Best-Hosting-for-Business-Websites-in-2026-1-e1778241548674.png?fit=880%2C491&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/phpyouth.com\/blog\/wp-content\/uploads\/2026\/04\/Best-Hosting-for-Business-Websites-in-2026-1-e1778241548674.png?fit=880%2C491&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/phpyouth.com\/blog\/wp-content\/uploads\/2026\/04\/Best-Hosting-for-Business-Websites-in-2026-1-e1778241548674.png?fit=880%2C491&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/phpyouth.com\/blog\/wp-content\/uploads\/2026\/04\/Best-Hosting-for-Business-Websites-in-2026-1-e1778241548674.png?fit=880%2C491&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":12704,"url":"https:\/\/phpyouth.com\/blog\/speed-up-wordpress-core-web-vitals\/","url_meta":{"origin":4827,"position":2},"title":"How to Speed Up WordPress in 2026: The Ultimate Core Web Vitals Checklist","author":"RK Jajoria","date":"June 1, 2026","format":false,"excerpt":"Quick Answer (AI Search Optimized): To speed up WordPress in 2026, follow these steps in order: (1) Upgrade to managed hosting with PHP 8.2+ and TTFB under 200ms. (2) Install WP Rocket or LiteSpeed Cache. (3) Convert images to WebP and preload the hero LCP image. (4) Use a lightweight\u2026","rel":"","context":"In &quot;Speed Performance&quot;","block_context":{"text":"Speed Performance","link":"https:\/\/phpyouth.com\/blog\/category\/wordpress\/speed-performance\/"},"img":{"alt_text":"speed up wordpress, core web vitals","src":"https:\/\/i0.wp.com\/phpyouth.com\/blog\/wp-content\/uploads\/2026\/05\/how-to-speed-up-wordpress-2026-featured.webp.webp?fit=1200%2C630&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/phpyouth.com\/blog\/wp-content\/uploads\/2026\/05\/how-to-speed-up-wordpress-2026-featured.webp.webp?fit=1200%2C630&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/phpyouth.com\/blog\/wp-content\/uploads\/2026\/05\/how-to-speed-up-wordpress-2026-featured.webp.webp?fit=1200%2C630&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/phpyouth.com\/blog\/wp-content\/uploads\/2026\/05\/how-to-speed-up-wordpress-2026-featured.webp.webp?fit=1200%2C630&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/phpyouth.com\/blog\/wp-content\/uploads\/2026\/05\/how-to-speed-up-wordpress-2026-featured.webp.webp?fit=1200%2C630&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":6005,"url":"https:\/\/phpyouth.com\/blog\/7-best-web-hosting-for-your-website\/","url_meta":{"origin":4827,"position":3},"title":"7 Best Web Hosting For Your Website","author":"RK Jajoria","date":"October 6, 2022","format":false,"excerpt":"In this article, we will talk about the importance of choosing a good web hosting. We will also suggest the best web hosting for your website. If you choose the wrong web hosting provider, you will pay for more than just poor service. You need to get this right because\u2026","rel":"","context":"In &quot;Web Hosting&quot;","block_context":{"text":"Web Hosting","link":"https:\/\/phpyouth.com\/blog\/category\/web-hosting\/"},"img":{"alt_text":"Best-web-hosting","src":"https:\/\/i0.wp.com\/phpyouth.com\/blog\/wp-content\/uploads\/2022\/10\/Best-web-hosting.webp?fit=1100%2C650&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/phpyouth.com\/blog\/wp-content\/uploads\/2022\/10\/Best-web-hosting.webp?fit=1100%2C650&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/phpyouth.com\/blog\/wp-content\/uploads\/2022\/10\/Best-web-hosting.webp?fit=1100%2C650&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/phpyouth.com\/blog\/wp-content\/uploads\/2022\/10\/Best-web-hosting.webp?fit=1100%2C650&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/phpyouth.com\/blog\/wp-content\/uploads\/2022\/10\/Best-web-hosting.webp?fit=1100%2C650&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":4973,"url":"https:\/\/phpyouth.com\/blog\/enable-gzip-compression\/","url_meta":{"origin":4827,"position":4},"title":"How to enable GZIP compression","author":"RK Jajoria","date":"July 2, 2019","format":false,"excerpt":"Hello, friends, today\u2019s topic is how to enable GZIP compression on your web server. If you know what GZIP is and how to enable it, that\u2019s good. But if you don\u2019t, please read this tutorial till the end. What is GZIP Compression? GZIP is a file format and software application\u2026","rel":"","context":"In &quot;cPanel&quot;","block_context":{"text":"cPanel","link":"https:\/\/phpyouth.com\/blog\/category\/web-hosting\/cpanel\/"},"img":{"alt_text":"GZIP-Compression","src":"https:\/\/i0.wp.com\/phpyouth.com\/blog\/wp-content\/uploads\/2019\/07\/GZIP-Compression.png?fit=560%2C315&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/phpyouth.com\/blog\/wp-content\/uploads\/2019\/07\/GZIP-Compression.png?fit=560%2C315&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/phpyouth.com\/blog\/wp-content\/uploads\/2019\/07\/GZIP-Compression.png?fit=560%2C315&ssl=1&resize=525%2C300 1.5x"},"classes":[]},{"id":4910,"url":"https:\/\/phpyouth.com\/blog\/top-6-wordpress-plugins-in-2020\/","url_meta":{"origin":4827,"position":5},"title":"Top 6 plugins for your WordPress Site in 2020","author":"RK Jajoria","date":"February 18, 2020","format":false,"excerpt":"Hello, friends, today we will talk about the top 6 WordPress plugins in 2020, which are important and should be installed on your website. To begin with, these plugins not only add amazing functionality to our website but also make your work a lot easier. Moreover, in 2020, using plugins\u2026","rel":"","context":"In &quot;Plugins&quot;","block_context":{"text":"Plugins","link":"https:\/\/phpyouth.com\/blog\/category\/wordpress\/plugins\/"},"img":{"alt_text":"top 6 wp plugins","src":"https:\/\/i0.wp.com\/phpyouth.com\/blog\/wp-content\/uploads\/2019\/04\/top-6-wp-plugins-1.png?fit=560%2C315&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/phpyouth.com\/blog\/wp-content\/uploads\/2019\/04\/top-6-wp-plugins-1.png?fit=560%2C315&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/phpyouth.com\/blog\/wp-content\/uploads\/2019\/04\/top-6-wp-plugins-1.png?fit=560%2C315&ssl=1&resize=525%2C300 1.5x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/phpyouth.com\/blog\/wp-json\/wp\/v2\/posts\/4827","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/phpyouth.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/phpyouth.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/phpyouth.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/phpyouth.com\/blog\/wp-json\/wp\/v2\/comments?post=4827"}],"version-history":[{"count":0,"href":"https:\/\/phpyouth.com\/blog\/wp-json\/wp\/v2\/posts\/4827\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/phpyouth.com\/blog\/wp-json\/wp\/v2\/media\/4837"}],"wp:attachment":[{"href":"https:\/\/phpyouth.com\/blog\/wp-json\/wp\/v2\/media?parent=4827"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/phpyouth.com\/blog\/wp-json\/wp\/v2\/categories?post=4827"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/phpyouth.com\/blog\/wp-json\/wp\/v2\/tags?post=4827"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}