How to Improve Security Score?

How to Improve Security Score from E to A+ on Webpagetest …
Even after adding Security headers in Nginx config there is no any change in security score…
FYI, this site has cloudflare enabled…

on the other side I have added the same Security headers to other site which is not enabled cloudflare… Its showing A+ on Webpagetest

You need to add recommended Headers rule in the config file. Then, reload the the NGINX.

Alternatively, use below plugin.

1 Like

I have added following lines in /etc/nginx/nginx.conf it has shown A+ on webpagetest… but it has created a conflict i wordpress dashboard… unable to add new themes and posts.
hope this plugin will help.

add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
add_header Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *";
add_header X-XSS-Protection "1; mode=block";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options nosniff;
add_header Referrer-Policy "strict-origin";
add_header Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()";