Security headers

#1
Hi,
I'm new to this and looking for help with Security headers:
Running a report on all of my sites I am met with these:
Missing Content-Security-Policy Header
Missing HSTS Header
Missing Secure Referrer-Policy Header
Missing X-Content-Type-Options Header
Missing X-Frame-Options Header

Does LiteSpeed cache have settings for this? I tried an alternative plug-in, HTTP Headers, but that doesn't work with LiteSpeed servers, which I'm on.

When I enter this code into the php.functions file and run the reports again, the errors are still reported:

    function set_custom_http_headers() {
        // Emit the security headers with the response
        header('Strict-Transport-Security: max-age=31536000; includeSubDomains');
        header('Referrer-Policy: no-referrer-when-downgrade');
        header('X-Content-Type-Options: nosniff');
        header('X-Frame-Options: SAMEORIGIN');
    }
    add_action('send_headers', 'set_custom_http_headers');

Plus, if I add this line:

    header('Content-Security-Policy: default-src \'self\';');

it breaks my website header.

Any help would be much appreciated please.
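
An added example (not part of the original post, and not the code of the report tool mentioned above): a small Python audit of the five headers the report lists, run over the head of an HTTP response. The sample response, the function names and the ok/weak rules, including the one-year HSTS threshold, are assumptions made for illustration.

```python
import re

# Constructed sample response head (not captured from the poster's site).
SAMPLE = """\
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Strict-Transport-Security: max-age=300
Referrer-Policy: no-referrer, unsafe-url
X-Content-Type-Options: nosniff
X-Frame-Options: ALLOW-FROM https://example.com
"""

MIN_HSTS_AGE = 31536000  # assumed threshold: one year, the value used in the post
REFERRER_KNOWN = {"no-referrer", "no-referrer-when-downgrade", "origin",
                  "origin-when-cross-origin", "same-origin", "strict-origin",
                  "strict-origin-when-cross-origin", "unsafe-url"}

def parse_headers(raw):
    """Parse a raw response head into {lowercased-name: value}."""
    headers = {}
    for line in raw.splitlines()[1:]:      # skip the status line
        if not line.strip():
            break                          # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def check_hsts(value):
    # A missing or short max-age leaves little or no HTTPS pinning.
    m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.I)
    return "ok" if m and int(m.group(1)) >= MIN_HSTS_AGE else "weak"

def check_referrer(value):
    # A comma-separated list is a fallback chain: the last recognised token wins.
    known = [t.strip().lower() for t in value.split(",")]
    known = [t for t in known if t in REFERRER_KNOWN]
    return "ok" if known and known[-1] != "unsafe-url" else "weak"

CHECKS = {
    "content-security-policy": lambda v: "ok" if v else "weak",
    "strict-transport-security": check_hsts,
    "referrer-policy": check_referrer,
    "x-content-type-options": lambda v: "ok" if v.lower() == "nosniff" else "weak",
    # ALLOW-FROM is obsolete; only DENY and SAMEORIGIN are treated as effective here.
    "x-frame-options": lambda v: "ok" if v.upper() in ("DENY", "SAMEORIGIN") else "weak",
}

def audit(raw):
    """Return {header: 'ok' | 'weak' | 'missing'} for the five audited headers."""
    headers = parse_headers(raw)
    return {n: (c(headers[n]) if n in headers else "missing") for n, c in CHECKS.items()}
```

Feed `audit()` the response head of a page as it is actually served, for example the output of `curl -sI` for the site URL, so the result reflects what the server sends rather than what the PHP code intends.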
 
#3
Hi, thanks for replying. I am looking at the responses and I can't follow. Are you able to offer the answer in more simple terms? I am using LiteSpeed cache as recommended by my host.
 
#7
Implementing robust security headers is paramount for web safety. Features like Content Security Policy (CSP) and HTTP Strict Transport Security (HSTS) enhance protection against various cyber threats, ensuring a secure online environment.
 