Header always set Strict-Transport-Security: "includeSubDomains; preload; max-age=31536000" env=HTTPS
Header always set X-XSS-Protection "0"
Header always set X-Content-Type-Options "nosniff"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
Header always set X-Frame-Options: "SAMEORIGIN"
Header always set Permissions-Policy: ""
Header always set Content-Security-Policy "upgrade-insecure-requests"
Improve site security by adding HTTP security header settings
Aside from setting up the SSL certificate on the site, we can add an extra layer of security by adding this block of code in the .htaccess file of our site via the site's cPanel or through FTP:This helps improve the overall site security by securing what is being transported in the HTTP headers.
For more information regarding this topic refer here: https://really-simple-ssl.com/site-health-recommended-security-headers/
