With the new Security Headers feature in Solid Security Pro, that complexity is gone.
Security headers are critical for protecting your site visitors from browser-based attacks such as clickjacking, code injection, and data leaks. These settings tell the browser what to allow, what to block, and how to behave when loading your site.
But until now, implementing these headers has meant editing Apache or NGINX server configuration files – a risky and inaccessible process for many WordPress users.
Solid Security Pro now brings these protections into a simple settings interface.
- X-Frame-Options: Prevents your site from being embedded in malicious iframes.
- X-Content-Type-Options: Blocks browsers from guessing dangerous content types.
- Referrer-Policy: Controls how much data is passed to external sites when links are followed.
- Content Security Policy: Restricts where browsers can load scripts, styles, and other resources.
These headers are sent via PHP by default, so you can safely experiment with them. Would you prefer an implementation at server level? You can enable it with one switch and Solid Security will make the changes for you.
Even better, Solid Security Pro scans your site daily and notifies you if your header configuration is missing, broken, or unsafe. Issues appear on your dashboard and are marked as critical in your logs.
Step 1: Enable security headers
Navigate to Solid Security → Settings → Advanced.
You will find a new Security Headers toggle.
Enable the feature and expand the section to reveal configuration options.
Step 2: Configure the header options
Once enabled, you will see five configuration settings.

Here’s what each setting does:
Use Server Configuration
By default, headers are sent via PHP. If you prefer Apache or NGINX to handle them directly, enable this option and Solid Security will automatically update your server configuration.
X-Frame-Options
Determines whether your site can be embedded in an iframe. This protects against clickjacking attacks designed to trick users into giving away login credentials.
X-Content-Type-Options
Prevents browsers from guessing file types. This reduces the risk of malicious files being executed as scripts.
Referrer-Policy
Limits what referral data is shared when visitors click on links to other sites. This helps prevent accidental exposure of sensitive URL parameters.
Content Security Policy
Determines from which domains browsers can load scripts, styles, and other resources. This is one of the most powerful defenses against injected third-party code.
For advanced configurations, you can generate policies using tools such as Report URI and paste them directly into the field.
Step 3: Automatic daily checks and alerts
Security headers are not only configurable, they are also monitored.
When the feature is enabled, Solid Security will schedule a daily check to verify that your headers are present and configured correctly.

If an issue is detected – such as missing or misconfigured headers – you will receive a notification directly in your dashboard.

Any detected issues will also appear in your logs and be marked as Critical so you can tackle them straight away.

This means no manual audits. No surprises. Just proactive visibility.
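To show what a "missing, broken, or unsafe" header check involves, here is an added Python example that audits a set of response headers for the four headers covered above. It is not Solid Security Pro's own code: the rules are common hardening guidance chosen for illustration, and the function names and sample headers are constructed.

```python
# Added example: rules are common hardening guidance, not the plugin's own checks.
REFERRER_VALUES = {"no-referrer", "no-referrer-when-downgrade", "origin",
                   "origin-when-cross-origin", "same-origin", "strict-origin",
                   "strict-origin-when-cross-origin", "unsafe-url"}
LEAKY_REFERRER = {"unsafe-url", "no-referrer-when-downgrade"}  # full URL cross-site

def parse_csp(value):
    """Split a CSP header into {directive: [source, ...]}."""
    parts = [p.split() for p in value.split(";") if p.strip()]
    return {p[0].lower(): p[1:] for p in reversed(parts)}  # first duplicate wins

def audit_headers(headers):
    """Return {header: problem}; an empty dict means nothing was flagged."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    issues = {}
    xfo = h.get("x-frame-options", "").upper()
    if xfo not in ("DENY", "SAMEORIGIN"):  # ALLOW-FROM is ignored by modern browsers
        issues["x-frame-options"] = f"unsupported value {xfo}" if xfo else "missing"
    if h.get("x-content-type-options", "").lower() != "nosniff":
        issues["x-content-type-options"] = "must be exactly 'nosniff'"
    # A comma-separated list is a fallback chain: the last recognised token applies.
    tokens = [t.strip().lower() for t in h.get("referrer-policy", "").split(",")]
    known = [t for t in tokens if t in REFERRER_VALUES]
    if not known:
        issues["referrer-policy"] = "missing or unrecognised"
    elif known[-1] in LEAKY_REFERRER:
        issues["referrer-policy"] = f"{known[-1]} sends full URLs to other sites"
    csp = parse_csp(h.get("content-security-policy", ""))
    script_src = csp.get("script-src", csp.get("default-src"))
    if script_src is None:
        issues["content-security-policy"] = "no script-src or default-src"
    else:
        # 'unsafe-inline' is ignored by browsers when a nonce or hash is present.
        trusted_inline = any(s.startswith(("'nonce-", "'sha")) for s in script_src)
        weak = [s for s in script_src if s in ("*", "'unsafe-eval'")
                or (s == "'unsafe-inline'" and not trusted_inline)]
        if weak:
            issues["content-security-policy"] = "script sources allow " + " ".join(weak)
    return issues

# Constructed sample response headers (not captured from a real site).
SAMPLE = {
    "X-Frame-Options": "ALLOW-FROM https://partner.example",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "no-referrer, strict-origin-when-cross-origin",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
}
if __name__ == "__main__":
    print(audit_headers(SAMPLE))
```

On the sample, the frame and script policies are flagged while the referrer fallback chain passes, because only its last recognised value takes effect.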
Want deeper technical guidance or advanced configuration details? Discover the complete documentation on security headers.
If you manage customer sites, this update will increase your productivity while strengthening the security of each site. It’s the kind of proactive control that turns emergencies into “done.”
This feature is now available in Solid Security Pro – and included in Solid Suite for even more protection and time-saving tools.


