How to add your own custom Nginx headers (or reset existing headers)

To add a custom header to your websites you can use the more_set_headers directive. https://github.com/openresty/headers-more-nginx-module This article will walk you through how to: – Add a custom header to either an individual website Add a custom header to all of the websites on your server Formatting Reset existing headers Reset headers on static files Use custom headers […]

IFrames, X-Frame-Options and how to disable Clickjacking protection

TABLE OF CONTENTS What is Clickjacking? GridPane Clickjacking Protection Disabling Clickjacking Disabling Clickjacking for HTML and Other Static Files What is Clickjacking? Clickjacking (classified as a User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a user into clicking on something different from what the user perceives, thus potentially […]

How to Create a Content Security Policy (CSP Header)

TABLE OF CONTENTS Introduction CSPs and GridPane A CSP is More Than Just a Box to Check Creating Your Content Security Policy Config – GridPane’s Default Content Security Policy Formatting Creating/Customizing Your Own Content Security Policies Testing a Content Security Policy Add Your Customizations to Your Server Further Reading Introduction A Content Security Policy (CSP) is […]

PUT Requests for the WooCommerce API and Other Plugins

UPDATE – PUT AND DELETE REQUESTS PUT and DELETE requests are no longer blocked on Nginx servers by default, however, you may still need to configure the dav_methods outlined in this article for your website if the requires them. Introduction  Modern servers do not allow for PUT or DELETE requests to be available by default. On Nginx, these aren’t […]

OPTIONS Requests and Nginx Servers

Introduction  GridPane allows OPTIONS requests out of the box, so plugins such as Prestoplayer will work by default on your servers. However, if you’re using a plugin that requires OPTIONS with a CDN, you may need to add a request header for it to be able to communicate with your site. This article will walk […]

How to add your own custom headers on OpenLiteSpeed (or reset existing headers)

Introduction Adding your own custom headers to your WordPress websites on OpenLiteSpeed (OLS) servers is quick and simple. Each of your websites has the following directory:  /var/www/site.url/ols/ Here you’ll find the headers.conf file, which is where you’ll find your website’s default security headers, and where you can add your own custom headers as well. You don’t need […]