www.webpagetest.org finds that WordPress sites hosted on CyberPanel do have security issues and gives an “F” score.
Need to add these:
Strict Transport Security (HSTS)
An HSTS policy informing the HTTP client how long to cache the HTTPS-only policy and whether this applies to subdomains.
X Content Type Options
The only defined value, “nosniff”, prevents Internet Explorer from MIME-sniffing a response away from the declared content-type. This also applies to Google Chrome when downloading extensions.
X Frame Options
Clickjacking protection: deny - no rendering within a frame, sameorigin - no rendering if origin mismatch, allow-from - allow from specified location, allowall - non-standard, allow from any location
Content Security Policy
A computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context
X XSS Protection
A Cross-site scripting filter
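
An added example, not part of the original post or of CyberPanel: a small Python check that parses a response's headers and reports which of the five headers listed above are missing or set to a value that gives no protection. The sample responses are constructed, and the function names and the decision to flag a missing `includeSubDomains` are assumptions of this example.

```python
import re
# The five headers from the list above, lower-cased for case-insensitive lookup.
REQUIRED = ("strict-transport-security", "x-content-type-options",
            "x-frame-options", "content-security-policy", "x-xss-protection")

def parse_headers(raw):
    """Parse a raw HTTP response head into {lower-case name: value}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:      # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers

def audit(raw):
    """Return {header: finding}; an empty dict means every check passed."""
    h = parse_headers(raw)
    findings = {name: "missing" for name in REQUIRED if name not in h}
    hsts = h.get("strict-transport-security")
    if hsts is not None:
        m = re.search(r'max-age\s*=\s*"?(\d+)', hsts, re.I)
        if not m or int(m.group(1)) == 0:          # max-age=0 clears the policy
            findings["strict-transport-security"] = "no positive max-age"
        elif "includesubdomains" not in hsts.lower():
            findings["strict-transport-security"] = "subdomains not covered"
    xcto = h.get("x-content-type-options")
    if xcto is not None and xcto.lower() != "nosniff":
        findings["x-content-type-options"] = "value is not nosniff"
    xfo = h.get("x-frame-options")
    if xfo is not None and xfo.lower() not in ("deny", "sameorigin"):
        findings["x-frame-options"] = "not deny or sameorigin"
    return findings

# Constructed sample responses (not captured from a real site).
BEFORE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
X-Frame-Options: ALLOWALL
"""
AFTER = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: default-src 'self'
X-XSS-Protection: 1; mode=block
"""

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(raw) or "all five headers pass")
```

The same `audit` function can be fed the output of `curl -sI` against your own site to confirm the headers are actually being sent after a configuration change.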