How can I add necessary security headers and resolve certificate issues on my website without coding

(https://www.healthy-raho.com)

To address the reported headers and issues on your website, you may need to work with a developer or use website hosting services that support the required security headers like Strict-Transport-Security, Content-Security-Policy, Frame-Options, Content-Type-Options, Referrer-Policy, and Permissions-Policy, while also ensuring proper SSL certificate installation for resolving the “No HSTS header” and “Certificate issue” problems.

Hi and welcome to the forum

Many of those online tests/tools will display errors because they do not support JavaScript and cookies

So it’s best to test through browser dev. tools (F12)
and you can see which headers were returned by the server



Since you are the owner of the domain, it is easier for you to do it through Cloudflare
but it can also be done via .htaccess or PHP etc…
now it all depends on what kind of website you have

but I remind you, don’t just copy the values if you don’t know what you’re doing, because the wrong settings can make your website inaccessible to someone

(CF offers somewhere in its options to put some of these security headers itself)


Manual:

Cloudflare - new way Tips for quality website design - #258 by Oxy

Cloudflare - the old way (but contains code that may be useful to you) Tips for quality website design - #194 by Oxy

blah blah - How to improve the performance - #3 by Oxy



More info (click on each one listed to find out what it is for and what kind of code you need) Enforcing Security Headers with Cloudflare Transform Rules - Paramdeo Singh



Domain on CF

11 Likes

Here is an example of how to see it in your browser

Visit your website with developer tools turned on
(and you should also have enabled the option to log requests)


  1. select the console or network tab
    press CTRL + F5 (to download all files again from the server - refresh)

  2. click on one of the REQs (preferably the first one that concerns the domain and where the home page code is actually loaded)

and then you see the result under the Response Headers subsection


the result shows the state of your website

8 Likes
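An added example, not part of the original posts: once the Response Headers block has been copied out of dev tools as described above, this script reports which of the six headers named in the first post are missing (using their standard names `X-Frame-Options` and `X-Content-Type-Options`) and flags values that are present but ineffective. The sample block and the function names are constructed for illustration.

```python
import re

# The six headers named in the first post, under their standard names.
REQUIRED = [
    "Strict-Transport-Security", "Content-Security-Policy",
    "X-Frame-Options", "X-Content-Type-Options",
    "Referrer-Policy", "Permissions-Policy",
]

def parse_headers(raw):
    """Turn 'Name: value' lines into a dict keyed by lower-cased name."""
    headers = {}
    for line in raw.strip().splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip():  # skips status lines such as 'HTTP/2 200'
            headers[name.strip().lower()] = value.strip()
    return headers

def audit(raw):
    """Return (missing, warnings) for a pasted Response Headers block."""
    h = parse_headers(raw)
    missing = [n for n in REQUIRED if n.lower() not in h]
    warnings = []
    hsts = h.get("strict-transport-security")
    if hsts is not None:
        m = re.search(r'max-age="?(\d+)', hsts, re.I)
        if not m or int(m.group(1)) == 0:
            warnings.append("HSTS max-age is missing or 0, so HSTS is not in effect")
    xcto = h.get("x-content-type-options")
    if xcto is not None and xcto.lower() != "nosniff":
        warnings.append("X-Content-Type-Options only accepts 'nosniff'")
    xfo = h.get("x-frame-options")
    if xfo is not None and xfo.upper() not in ("DENY", "SAMEORIGIN"):
        warnings.append("X-Frame-Options should be DENY or SAMEORIGIN")
    return missing, warnings

# Constructed sample, not captured from any real site.
SAMPLE = """HTTP/2 200
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=0
x-content-type-options: no-sniff
referrer-policy: strict-origin-when-cross-origin
"""

if __name__ == "__main__":
    missing, warnings = audit(SAMPLE)
    print("Missing:", ", ".join(missing) or "none")
    for w in warnings:
        print("Warning:", w)
```

Replace `SAMPLE` with the block copied from your own browser; a header that is present with a wrong value (as in the sample) is easy to miss when only checking by eye.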

I am unable to understand properly and can you also tell me how to enable mod_headers and I am not able to add Cloudflare SSL and many other problems happen

The TL;DR is: security scanners are blocked on our hosting. So even if you have set up the security headers correctly, those scanners won’t be able to see them.

mod_headers is enabled by default. The issue here is not that your website is not returning the right headers, it’s that the header scanner is unable to access your website in the first place.

Why not?

Such as?

6 Likes
