HTTP security for Divi WordPress websites

by | Dec 5, 2020 | Web Development

To improve the security of your website, you can add extra HTTP response headers using .htaccess.
If you're using Divi on your WordPress website, add the following at the top of your .htaccess file:
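# Server Security
<IfModule mod_headers.c>
# HSTS: browsers use HTTPS only for this host and its subdomains for max-age seconds
Header set Strict-Transport-Security "max-age=10886400; includeSubDomains; preload"
# Legacy XSS filter switch for older browsers
Header set X-XSS-Protection "1; mode=block"
# Stop browsers from MIME-sniffing responses away from the declared Content-Type
Header set X-Content-Type-Options "nosniff"
# Send the Referer header only on same-origin requests
Header set Referrer-Policy "same-origin"
# Geolocation only for this origin; vibration API disabled
Header set Feature-Policy "geolocation 'self'; vibrate 'none'"
# Allowed content sources: this site, Google Fonts files, Gravatar, inline code and data: URIs
Header add Content-Security-Policy "default-src 'self' https://fonts.gstatic.com https://secure.gravatar.com 'unsafe-inline' 'unsafe-eval' data:;"
</IfModule>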

Reload your website and make sure the browser console shows no errors. If your website loads scripts, fonts or images from external websites you trust, add those websites' domain names next to https://fonts.gstatic.com above.
Then measure your security score at the Web Page Test website.
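
To find out in advance which external domains need adding to the policy, the following added example (not part of the original post) checks a list of resource URLs against the Content-Security-Policy value above and returns the origins it would block. The matcher is simplified ('self', scheme and host sources only, no ports or paths), and the site origin https://example.test and the sample resource list are constructed for illustration.

```javascript
// Added example: simplified CSP source matching ('self', schemes, hosts; no ports or paths).
const PAGE_CSP = "default-src 'self' https://fonts.gstatic.com " +
  "https://secure.gravatar.com 'unsafe-inline' 'unsafe-eval' data:;"; // policy from the page

function parseCsp(policy) {
  const directives = {};
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !(key in directives)) directives[key] = sources; // first duplicate wins
  }
  return directives;
}

function sourceAllows(source, url, selfOrigin) {
  if (source === "'self'") return url.origin === selfOrigin;
  if (source.startsWith("'")) return false; // keywords, nonces, hashes never match a URL
  if (source === '*') return ['http:', 'https:'].includes(url.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/i.exec(source);
  if (!m) return false;
  const scheme = m[1] ? `${m[1].toLowerCase()}:` : new URL(selfOrigin).protocol;
  const host = m[2].toLowerCase();
  const hostOk = host.startsWith('*.') ? url.hostname.endsWith(host.slice(1)) : url.hostname === host;
  return url.protocol === scheme && hostOk;
}

// Returns "<directive> <origin>" for each resource the policy would block.
function blockedOrigins(policy, selfOrigin, resources) {
  const directives = parseCsp(policy);
  const blocked = new Set();
  for (const { type, url } of resources) {
    const sources = directives[`${type}-src`] || directives['default-src'];
    if (!sources) continue; // no governing directive, so the load is unrestricted
    const parsed = new URL(url);
    if (!sources.some((s) => sourceAllows(s, parsed, selfOrigin))) blocked.add(`${type}-src ${parsed.origin}`);
  }
  return [...blocked];
}

// Constructed sample: resources a page on https://example.test might load.
const SAMPLE = [
  { type: 'script', url: 'https://example.test/assets/app.js' },
  { type: 'font', url: 'https://fonts.gstatic.com/s/demo/font.woff2' },
  { type: 'style', url: 'https://fonts.googleapis.com/css?family=Open+Sans' },
  { type: 'img', url: 'data:image/png;base64,AAAA' },
  { type: 'script', url: 'https://www.youtube.com/iframe_api' },
];
console.log(blockedOrigins(PAGE_CSP, 'https://example.test', SAMPLE));
```

Each entry it returns is an origin you would add to the policy only if you trust it; the sample shows that a stylesheet from fonts.googleapis.com is not covered by the fonts.gstatic.com entry.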