Title: Recomendations Security Header Last modified: March 12, 2018 --- # Recomendations Security Header * Resolved [Echelon](https://wordpress.org/support/users/hehe1234/) * (@hehe1234) * [8 years, 3 months ago](https://wordpress.org/support/topic/recomendations-security-header-2/) * Hi. * I have three recomendations in Dashboard: * [http://files.tinypic.pl/i/00961/qvqy32rmdfer.png](http://files.tinypic.pl/i/00961/qvqy32rmdfer.png) * I add in file .htaccess this code (from your site [https://kb.sucuri.net/warnings/hardening/headers-x-xss-protection](https://kb.sucuri.net/warnings/hardening/headers-x-xss-protection)) * Header set X-XSS-Protection “1; mode=block” Header always append X-Frame-Options SAMEORIGIN Header set X-Content-Type-Options nosniff * but Recomendations in Dashboard still are. Viewing 6 replies - 1 through 6 (of 6 total) * [yorman](https://wordpress.org/support/users/yorman/) * (@yorman) * [8 years, 3 months ago](https://wordpress.org/support/topic/recomendations-security-header-2/#post-10065517) * > but Recomendations in Dashboard still are * This may be because your server doesn’t have the `mod_headers` module. * Or the results of the malware scanner are still cached, you have to wait 20 minutes for the cache to be reset, or you can reset it yourself from the “Data Storage” panel located in the plugin’ settings page. The file is called `sucuri-sitecheck. php`. * Thread Starter [Echelon](https://wordpress.org/support/users/hehe1234/) * (@hehe1234) * [8 years, 3 months ago](https://wordpress.org/support/topic/recomendations-security-header-2/#post-10065544) * I delete this file, log out and login again. * This doesn’t work. * Maybe this is first reason. * How can I check my server for mod_headers module? * [yorman](https://wordpress.org/support/users/yorman/) * (@yorman) * [8 years, 3 months ago](https://wordpress.org/support/topic/recomendations-security-header-2/#post-10065561) * > How can I check my server for mod_headers module? * It depends on what software you are actually using. - If you are using the Apache web server, then execute `apachectl -M` - Other versions of Apache also allow for `apachectl -t -D DUMP_MODULES` - If you are using the Apache web server on CentOS, execute `httpd -M` - If you are using Nginx, execute `nginx -V` and search `_module` - Ask your hosting provider if you are using another web server * Thread Starter [Echelon](https://wordpress.org/support/users/hehe1234/) * (@hehe1234) * [8 years, 3 months ago](https://wordpress.org/support/topic/recomendations-security-header-2/#post-10065564) * My file .htaccess is now: * # BEGIN WordPress RewriteEngine On RewriteBase / RewriteRule ^index\.php$ – [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME}!- d RewriteRule . /index.php [L] * Header set X-XSS-Protection “1; mode=block” Header always append X-Frame-Options SAMEORIGIN Header set X-Content-Type-Options nosniff # END WordPress * Is this Ok? * [yorman](https://wordpress.org/support/users/yorman/) * (@yorman) * [8 years, 3 months ago](https://wordpress.org/support/topic/recomendations-security-header-2/#post-10065660) * > Is this Ok? * Yes, it looks okay to me. * But remember that `IfModule` only executes the code inside if that module exists. * If you don’t have `mod_rewrite` or `mod_headers` those instructions will not work. * Thread Starter [Echelon](https://wordpress.org/support/users/hehe1234/) * (@hehe1234) * [8 years, 3 months ago](https://wordpress.org/support/topic/recomendations-security-header-2/#post-10065731) * I know 😉 * Thanks for your help. Viewing 6 replies - 1 through 6 (of 6 total) The topic ‘Recomendations Security Header’ is closed to new replies. * ![](https://ps.w.org/sucuri-scanner/assets/icon-256x256.png?rev=2875755) * [Sucuri Security - Auditing, Malware Scanner and Security Hardening](https://wordpress.org/plugins/sucuri-scanner/) * [Frequently Asked Questions](https://wordpress.org/plugins/sucuri-scanner/#faq) * [Support Threads](https://wordpress.org/support/plugin/sucuri-scanner/) * [Active Topics](https://wordpress.org/support/plugin/sucuri-scanner/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/sucuri-scanner/unresolved/) * [Reviews](https://wordpress.org/support/plugin/sucuri-scanner/reviews/) * 6 replies * 2 participants * Last reply from: [Echelon](https://wordpress.org/support/users/hehe1234/) * Last activity: [8 years, 3 months ago](https://wordpress.org/support/topic/recomendations-security-header-2/#post-10065731) * Status: resolved