Security Headers by ScriptsTribe

Scan your site now

📊 Got bad Results? Here is how to fix.
Open your root htaccess file and add the code below 

<IfModule mod_headers.c>
    # Enforce HTTPS
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    # Content Security Policy
    Header always set Content-Security-Policy "connect-src 'self' * data: blob: 'unsafe-inline' 'unsafe-eval';"
    # Prevent Clickjacking
    Header always set X-Frame-Options "SAMEORIGIN"
    # Prevent MIME Sniffing
    Header always set X-Content-Type-Options "nosniff"
    # Referrer Policy
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    # Permissions Policy
    Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()"
    # Cross-Origin Headers
    Header always set Cross-Origin-Embedder-Policy "unsafe-none"
    Header always set Cross-Origin-Opener-Policy "same-origin-allow-popups"
    Header always set Cross-Origin-Resource-Policy "cross-origin"
</IfModule>
📊 More Info
Header Description
server This Server header advertises the software used. It's recommended to remove or modify this value.
x-powered-by This reveals technologies like PHP or ASP.NET. Removing or altering it helps obscure server details.
set-cookie This cookie lacks SameSite and Secure flags. Consider setting those for better security.
strict-transport-security HSTS enforces secure HTTPS connections. Great for improving TLS implementation.
content-security-policy Helps prevent XSS attacks by specifying trusted content sources. Consider using a strict CSP.
x-frame-options Prevents your site from being embedded in frames. Protects against clickjacking.
x-content-type-options Prevents MIME type sniffing. Use nosniff to enforce declared content types.
referrer-policy Controls what information is sent with outbound links. Enhances privacy and security.
permissions-policy Controls browser features like geolocation or camera. Helps reduce misuse of APIs.
cross-origin-* Headers like COEP, COOP, and CORP help manage cross-origin resource loading and isolation.
© 2025 ScriptsTribe English
English Arabic French Spanish Portuguese Deutsch Turkish Dutch Italiano Russian Romaian Portuguese (Brazil) Greek
Assets Credits Forums Rules Private Message Rules Refund Policy Anti-Piracy Policy About Terms Privacy Contact Us Directory