Now available! Manage your sites, clients, and billing all from one place with Growth Suite.

Learn More
Menu

How to improve your site’s security audit score

Updated on July 14th, 2021

You may have received a report from a security audit or website, such as securityheaders.com, that encourages you to add HTTP security headers to your WordPress site.

Basic HTTP security headers can be added very easily using the plugin HTTP Headers. In this article, we’ll talk about what HTTP security headers are and how to add them to your site.

What are HTTP security headers?

HTTP security headers are response headers designed to prevent web browsers from encountering security vulnerabilities. For example, enabling the HSTS (HTTP Strict Transport Security) header will direct web browsers to interact with a site via HTTPS only, and all HTTP requests will be ignored. HTTP security headers can also help guard against attacks such as clickjacking, man-in-the-middle (MITM), and cross site scripting (XSS).

How can I add HTTP security headers to my site on Flywheel?

The easiest way to enable HTTP security headers is to use the plugin HTTP Headers. This plugin allows for easy configuration of a variety of headers with just a few clicks. The main benefits of using the plugin versus other methods are its ease of use and the fact that you can make changes at any time without having to alter code directly or reach out to Flywheel support. This plugin addresses 99% of issues flagged by reports from sites like securityheaders.com or geekflare.

Note

To ensure compatibility with Flywheel, enable “Use PHP to send headers” in the advanced settings of the HTTP Headers plugin.

More on HTTP Headers

For a general overview of HTTP headers and other methods of implementation, check out this help doc.

Was this article helpful?

Getting Started

New to Flywheel? Start here, we've got all the information you'll need to get started and launch your first site!

View all

Account Management

Learn all about managing your Flywheel user account, Teams and integrations.

View all

Billing

Everything about billing, invoices and payments can be found here.

View all

Features

Flywheel hosting plans include a ton of great features. Learn about how to get a free SSL certificate, set up a staging site, and more!

View all

Platform Info

All the server and setting info you'll need to help you get the most out of your Flywheel hosting plan!

View all

Site Management

Tips and tricks for managing your sites on Flywheel, including going live, troubleshooting issues and migrating or cloning sites.

View all

Growth Suite

Learn more about Growth Suite, our all-in-one solution for freelancers and agencies to grow more quickly and predictably.

View all

 

Flywheel help

Help is just a click away! Log into the Flywheel dashboard to instantly chat with an expert, open a ticket, or follow along with in-depth documentation. We happily offer support 24 hours a day, 7 days a week, 365 days a year!

Log in

Try Flywheel today

Launch your next WordPress site in minutes.

 Free migrations  24/7/365 support  14‑day demo sites