WordPress Issue

WordPress security headers incomplete

The homepage response is missing one or more baseline security headers, or sets them incorrectly.

Quick win: Set x-content-type-options to nosniff on homepage responses.

Why it matters

Missing baseline headers increase client-side security risk and can signal avoidable hardening gaps on a high-visibility URL.

How to fix

  1. Set x-content-type-options to nosniff on homepage responses.
  2. Enforce frame protection with x-frame-options or a frame-ancestors directive in Content-Security-Policy.
  3. Add a referrer-policy header and include strict-transport-security when HTTPS is enforced.
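The three steps above can be checked against a response's headers with a small audit function. This is an added example, not code from the scanner this page describes; the function name, finding labels and sample headers are assumptions made for illustration.

```python
REFERRER_POLICIES = {
    "no-referrer", "no-referrer-when-downgrade", "origin",
    "origin-when-cross-origin", "same-origin", "strict-origin",
    "strict-origin-when-cross-origin", "unsafe-url",
}

def audit_headers(headers, https=True):
    """Return findings for one response; an empty list means every check passed."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []
    # Step 1: "nosniff" is the only defined value.
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("x-content-type-options")
    # Step 2: X-Frame-Options DENY/SAMEORIGIN, or a CSP frame-ancestors
    # directive that is not the wildcard. ALLOW-FROM is obsolete and ignored
    # by current browsers, so it does not count as protection.
    xfo_ok = h.get("x-frame-options", "").upper() in ("DENY", "SAMEORIGIN")
    csp = h.get("content-security-policy", "").lower()
    directives = [d.split() for d in csp.split(";") if d.strip()]
    fa_ok = any(d[0] == "frame-ancestors" and len(d) > 1 and "*" not in d[1:]
                for d in directives)
    if not (xfo_ok or fa_ok):
        findings.append("frame-protection")
    # Step 3a: at least one recognised policy token (the header may list fallbacks).
    tokens = {t.strip().lower() for t in h.get("referrer-policy", "").split(",")}
    if not tokens & REFERRER_POLICIES:
        findings.append("referrer-policy")
    # Step 3b: HSTS only applies over HTTPS; max-age=0 switches it off.
    if https:
        max_age = 0
        for part in h.get("strict-transport-security", "").split(";"):
            name, _, value = part.strip().partition("=")
            if name.lower() == "max-age" and value.strip('"').isdigit():
                max_age = int(value.strip('"'))
        if max_age <= 0:
            findings.append("strict-transport-security")
    return findings

# Constructed sample responses (not captured from a real site).
SAMPLE_WEAK = {"X-Content-Type-Options": "sniff",
               "X-Frame-Options": "ALLOW-FROM https://example.com",
               "Strict-Transport-Security": "max-age=0"}
SAMPLE_HARDENED = {"X-Content-Type-Options": "nosniff",
                   "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'",
                   "Referrer-Policy": "strict-origin-when-cross-origin",
                   "Strict-Transport-Security": "max-age=31536000; includeSubDomains"}

if __name__ == "__main__":
    print("weak:", audit_headers(SAMPLE_WEAK))
    print("hardened:", audit_headers(SAMPLE_HARDENED))
```

Pass the homepage's response headers as a dict, and set https=False for a plain-HTTP response so the HSTS check is skipped.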

Next best step

Header hardening has more impact once insecure protocol variants of the URL are removed through strict redirect behavior.

Ensure HTTPS is always enforced