Security Response Headers (HSTS)

Security Response Headers

Security response headers are browser directives sent from the server to enhance website security. They help prevent attacks, protect user data, and control how web content behaves.

These headers defend against threats like clickjacking, cross-site scripting (XSS), cookie theft, and MIME-type spoofing.

Common Security Headers:

  • Content-Security-Policy (CSP): Blocks XSS, clickjacking, and code injection by controlling what content can load.

  • Strict-Transport-Security (HSTS): Forces browsers to use HTTPS, preventing downgrade and cookie hijacking attacks.

  • X-Content-Type-Options: Prevents MIME-type sniffing by enforcing declared content types.

  • X-Frame-Options: Blocks clickjacking by preventing your site from being framed by others.

  • X-XSS-Protection: Activates built-in browser filters against XSS (older browsers only).

  • Referrer-Policy: Controls how much referrer data is sent to other sites, improving user privacy.

  • Feature-Policy (Permissions-Policy): Restricts use of browser features like camera, microphone, and geolocation.

  • Access-Control-Allow-Origin (CORS): Defines which domains can access your site’s resources across origins.

  • Cookie Secure and HttpOnly flags: Secure restricts a cookie to HTTPS connections, and HttpOnly hides it from JavaScript, so a script injected via XSS cannot read it.

How to Add Security Headers via .htaccess in cPanel

  1. Log in to cPanel
    Go to https://pluto.dns-za.com:2083/ and log in with your hosting credentials.

  2. Open File Manager
    Under the Files section, click on File Manager.

  3. Navigate to Your Website’s Root Folder

    • For your primary domain, go to the public_html directory.

    • For addon domains, go to the relevant subfolder.

  4. Locate the .htaccess File

    • If you don’t see it, click Settings (top-right) and enable Show Hidden Files (dotfiles).

    • If the file doesn’t exist, click + File to create one named .htaccess.

  5. Edit the .htaccess File

    • Right-click on .htaccess and select Edit.

    • Click Edit again if a pop-up appears.

  6. Add the Security Headers
    Paste the following at the top or bottom of the file:

    # Security Headers
    <IfModule mod_headers.c>
        # CSP: only upgrades http:// subresource requests to https://; it does not restrict script or frame sources
        Header set Content-Security-Policy "upgrade-insecure-requests"
        # HSTS: one year (31536000 seconds), applied to all subdomains as well
        Header set Strict-Transport-Security "max-age=31536000; includeSubDomains"
        # Legacy XSS filter for older browsers; modern browsers ignore it
        Header set X-XSS-Protection "1; mode=block"
        # Only pages from this site may frame this site (clickjacking)
        Header set X-Frame-Options "SAMEORIGIN"
        # Stop browsers guessing a content type different from the declared one
        Header set X-Content-Type-Options "nosniff"
        # Send full referrer only to same-origin pages; origin only to other sites over HTTPS
        Header set Referrer-Policy "strict-origin-when-cross-origin"
        # Allow geolocation only for this origin
        Header set Permissions-Policy "geolocation=self"
    </IfModule>

  7. Save Changes
    Click Save Changes in the editor, then close the tab.

  8. Test Your Site
    Visit your site to confirm everything loads correctly.
    You can use https://123media.co.za/hsts/ to verify that headers are active.
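If you would rather check the headers yourself, the script below is an added example (not part of the original article or 123media's tooling) that parses a captured HTTP response head, such as the output of `curl -I https://your-domain/`, and reports whether each header from the list above is present, missing, or weakly configured. The sample response embedded in it is constructed to look like a site with the .htaccess block applied; the "weak" thresholds (HSTS max-age of at least one year with includeSubDomains, Secure and HttpOnly on every cookie) are this example's own choices.

```python
"""Audit security response headers from a captured HTTP response head.

Added example, not from the original article: feed it the raw response
head (status line plus headers) and it grades the headers discussed above.
"""
import re

# Constructed sample response head, modelled on what `curl -I` prints for a
# site that has the .htaccess block from the article in place.
SAMPLE_RESPONSE = """HTTP/1.1 200 OK
Date: Mon, 01 Jan 2024 00:00:00 GMT
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: upgrade-insecure-requests
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=self
Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax
"""

ONE_YEAR = 31536000  # seconds; the HSTS max-age used in the article


def parse_headers(raw):
    """Return {lower-cased name: [values]} from a raw response head.

    The first line is the status line and is skipped; repeated headers
    (Set-Cookie in particular) are kept as a list.
    """
    headers = {}
    for line in raw.splitlines()[1:]:
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def hsts_max_age(value):
    """Extract max-age (seconds) from a Strict-Transport-Security value, or None."""
    m = re.search(r"max-age\s*=\s*(\d+)", value, re.IGNORECASE)
    return int(m.group(1)) if m else None


def audit(raw):
    """Grade each header as 'ok', 'missing', or 'weak' ('none' if no cookies are set)."""
    h = parse_headers(raw)
    first = lambda name: h.get(name, [None])[0]
    result = {}

    result["csp"] = "missing" if first("content-security-policy") is None else "ok"

    hsts = first("strict-transport-security")
    if hsts is None:
        result["hsts"] = "missing"
    else:
        age = hsts_max_age(hsts)
        # A short max-age expires quickly; without includeSubDomains a
        # subdomain can still be reached over plain HTTP.
        strong = age is not None and age >= ONE_YEAR and "includesubdomains" in hsts.lower()
        result["hsts"] = "ok" if strong else "weak"

    xcto = first("x-content-type-options")
    result["nosniff"] = ("missing" if xcto is None
                         else "ok" if xcto.lower() == "nosniff" else "weak")

    xfo = first("x-frame-options")
    result["frame"] = ("missing" if xfo is None
                       else "ok" if xfo.upper() in ("DENY", "SAMEORIGIN") else "weak")

    result["referrer"] = "missing" if first("referrer-policy") is None else "ok"
    result["permissions"] = "missing" if first("permissions-policy") is None else "ok"

    # Every Set-Cookie should carry both Secure and HttpOnly.
    cookies = h.get("set-cookie", [])
    if not cookies:
        result["cookies"] = "none"
    else:
        flagged = all("secure" in c.lower() and "httponly" in c.lower() for c in cookies)
        result["cookies"] = "ok" if flagged else "weak"
    return result


if __name__ == "__main__":
    for check, grade in audit(SAMPLE_RESPONSE).items():
        print(f"{check:12s} {grade}")
```

Run it against a real response by saving the `curl -I` output to a file and passing its contents to `audit()`; anything graded "missing" or "weak" maps directly to a line in the .htaccess block above.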

123media CC. All rights reserved.