
Security Headers Scanner

Check your website's security headers

How to Fix

Add this code to your .htaccess file:

<IfModule mod_headers.c>
    # Enforce HTTPS. Browsers only honour HSTS when it arrives over HTTPS;
    # "preload" asks to be added to browser preload lists, which is hard to undo.
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

    # Content Security Policy. 'unsafe-inline' and 'unsafe-eval' keep inline
    # scripts working but give up most of the XSS protection a CSP provides.
    Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';"

    # Prevent Clickjacking (only same-origin pages may frame this site)
    Header always set X-Frame-Options "SAMEORIGIN"

    # Prevent MIME Sniffing (browsers must trust the declared Content-Type)
    Header always set X-Content-Type-Options "nosniff"

    # Referrer Policy (full URL only to same-origin, origin only cross-origin over HTTPS)
    Header always set Referrer-Policy "strict-origin-when-cross-origin"

    # Permissions Policy (deny these browser features to the page and its frames)
    Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()"

    # Cross-Origin Headers (permissive defaults that keep embeds and popups working)
    Header always set Cross-Origin-Embedder-Policy "unsafe-none"
    Header always set Cross-Origin-Opener-Policy "same-origin-allow-popups"
    Header always set Cross-Origin-Resource-Policy "cross-origin"
</IfModule>
Security Headers Explained
Header                     Description
server                     Advertises server software. Remove to prevent information disclosure.
x-powered-by               Reveals technologies like PHP. Remove to obscure server details.
strict-transport-security  HSTS enforces HTTPS and prevents downgrade attacks.
content-security-policy    Prevents XSS by specifying trusted content sources.
x-frame-options            Prevents clickjacking by controlling frame embedding.
x-content-type-options     Prevents MIME sniffing with nosniff.
referrer-policy            Controls referrer information sent with links.
permissions-policy         Controls browser features like geolocation and camera.
cross-origin-*             Manages cross-origin resource loading and isolation.
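The checks the table describes, written out as a small header checker (an added example, not ScriptsTribe's scanner code). It flags the headers the table wants present or removed, and also the weak values a scanner should catch: a CSP with 'unsafe-inline' or 'unsafe-eval', and an HSTS max-age shorter than the one year the .htaccess snippet uses. SAMPLE_HEADERS is constructed data, not a response from any real site.

```python
"""Check one response's security headers, as the scanner on this page does.
Added example, not ScriptsTribe's code; SAMPLE_HEADERS is constructed data."""

# Headers the table above expects to be present (compared case-insensitively).
REQUIRED = (
    "strict-transport-security", "content-security-policy", "x-frame-options",
    "x-content-type-options", "referrer-policy", "permissions-policy",
)
# Headers the table above says to remove because they disclose software details.
DISCLOSING = ("server", "x-powered-by")


def hsts_max_age(value):
    """Return the integer max-age of an HSTS header value, or None if absent."""
    for directive in value.split(";"):
        name, _, val = directive.strip().partition("=")
        if name.strip().lower() == "max-age" and val.strip().isdigit():
            return int(val)
    return None


def check_headers(headers):
    """Return a list of finding strings for a dict of HTTP response headers."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = [f"missing: {n}" for n in REQUIRED if n not in h]
    findings += [f"disclosure: {n}={h[n]}" for n in DISCLOSING if n in h]
    # A CSP that permits inline scripts or eval() gives little XSS protection.
    csp = h.get("content-security-policy", "")
    for weak in ("'unsafe-inline'", "'unsafe-eval'"):
        if weak in csp:
            findings.append(f"weak: content-security-policy allows {weak}")
    if "strict-transport-security" in h:
        age = hsts_max_age(h["strict-transport-security"])
        if age is None or age < 31536000:  # one year, as in the .htaccess above
            findings.append(f"weak: strict-transport-security max-age={age} "
                            f"(want at least 31536000)")
    return findings


# Constructed sample response: missing headers, weak values, disclosing headers.
SAMPLE_HEADERS = {
    "Server": "Apache",
    "X-Powered-By": "PHP/8.2",
    "Strict-Transport-Security": "max-age=3600",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "X-Content-Type-Options": "nosniff",
}

if __name__ == "__main__":
    print("\n".join(check_headers(SAMPLE_HEADERS)))
```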
ScriptsTribe https://scriptstribe.com