'__Headers in .htaccess-file to secure website__

I wish you all a good day and a nice start in the Weekend :)

I set the next Headers in htaccess-file:

# Security Headers
<IfModule mod_headers.c>
   

 -  Header set Strict-Transport-Security "max-age=31536000" env=HTTPS
 -  Header set X-Permitted-Cross-Domain-Policies "none"
 -  Header set X-XSS-Protection "1; mode=block"
 -  Header set X-Frame-Options "deny"
 -  Header set X-Content-Type-Options "nosniff"
 -  Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
 -  # Header set Content-Security-Policy ...
 -  Header set Referrer-Policy "no-referrer"
 -  Header set Feature-Policy "geolocation 'self'; vibrate 'none'"
</IfModule>

but when i scan my Website on "securityheader" it shows all the headers in red color. It means the website is not secure.

I would be so thankful, if someone likes/can show me the error?

Thank you and Best regards

.htaccesshttpheaderx-frame-options


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

How does webserver handle HTTP POST [closed]

HTTP response code for POST when resource already exists

Python: How do I get key/value pairs from the BaseHTTPRequestHandler HTTP POST handler?

How to resolve the issue of HTTP ERROR 405 [closed]

Getting directory listing over http

How do I use Django piston to return a response in text/plain?

How websockets can be faster than a simple HTTP request?

Angular 7: Sending post request gives error 405 (Method not allowed)

How progressive rendering works?

HTTP simultaneous connections per host limit... are per tab, browser instance or global?

Get a JSON file (that contains Hebrew values) from a remote server and parse it in Node.js

Python requests speed up using keep-alive

RESTful - What should a DELETE response body contain

Check if online resource is reachable with JavaScript, not requiring the The Same Origin Policy to allow it

Better Event centric way to solve request-reply problem in Kafka or any streaming service