We value your privacy

We use cookies to enhance your browsing experience, serve personalised ads or content, and analyse our traffic. By clicking "Accept All", you consent to our use of cookies. Read more.

Customise Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorised as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

  • Cookie
    XSRF-TOKEN
  • Duration
    2 hours
  • Description
    This cookie enhances visitor browsing security by preventing cross-site request forgery.
  • Cookie
    intercom-id-*
  • Duration
    8 months 26 days 1 hour
  • Description
    Intercom sets this cookie that allows visitors to see any conversations they've had on Intercom websites.
  • Cookie
    intercom-session-*
  • Duration
    7 days
  • Description
    Intercom sets this cookie that allows visitors to see any conversations they've had on Intercom websites.
  • Cookie
    intercom-device-id-*
  • Duration
    8 months 26 days 1 hour
  • Description
    Intercom sets this cookie that allows visitors to see any conversations they've had on Intercom websites.
  • Cookie
    _GRECAPTCHA
  • Duration
    6 months
  • Description
    Google Recaptcha service sets this cookie to identify bots to protect the website against malicious spam attacks.
  • Cookie
    rc::a
  • Duration
    Never Expires
  • Description
    This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
  • Cookie
    rc::f
  • Duration
    Never Expires
  • Description
    This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
  • Cookie
    rc::c
  • Duration
    session
  • Description
    This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
  • Cookie
    rc::b
  • Duration
    session
  • Description
    This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
  • Cookie
    cookieyes-consent
  • Duration
    1 year
  • Description
    CookieYes sets this cookie to remember users' consent preferences so that their preferences are respected on subsequent visits to this site. It does not collect or store any personal information about the site visitors.
  • Cookie
    __cf_bm
  • Duration
    1 hour
  • Description
    This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
  • Cookie
    _cfuvid
  • Duration
    session
  • Description
    Calendly sets this cookie to track users across sessions to optimize user experience by maintaining session consistency and providing personalized services
  • Cookie
    keep_alive
  • Duration
    1 hour
  • Description
    The keep_alive cookie is used to maintain a user's session active on a website, preventing automatic logout during periods of inactivity.
  • Cookie
    localization
  • Duration
    1 year
  • Description
    The localization cookie stores user preferences for language and region to provide a personalized browsing experience.
  • Cookie
    _tracking_consent
  • Duration
    1 year
  • Description
    Shopify sets this cookie to store a user's preferences if a merchant has set up privacy rules in the visitor's region.
  • Cookie
    wpm-test-cookie
  • Duration
    session
  • Description
    The wpm-test-cookie is used to check if the user's browser supports cookies, essential for providing a functional website experience.
  • Cookie
    nlbi_*
  • Duration
    session
  • Description
    The Hotels Network sets this cookie to improve security and provide load-balancing to ensure that a client's requests are sent to the same origin server.
  • Cookie
    visid_incap_*
  • Duration
    1 year
  • Description
    Incapsula sets this cookie to provide cloud-based website security services.
  • Cookie
    incap_ses_*
  • Duration
    session
  • Description
    This is an Incapsula DDoS Protection and Web Application Firewall cookie that is used to relate HTTP requests to a certain session.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

  • Cookie
    yt-remote-device-id
  • Duration
    Never Expires
  • Description
    YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
  • Cookie
    ytidb::LAST_RESULT_ENTRY_KEY
  • Duration
    Never Expires
  • Description
    The cookie ytidb::LAST_RESULT_ENTRY_KEY is used by YouTube to store the last search result entry that was clicked by the user. This information is used to improve the user experience by providing more relevant search results in the future.
  • Cookie
    yt-remote-connected-devices
  • Duration
    Never Expires
  • Description
    YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
  • Cookie
    yt-remote-session-app
  • Duration
    session
  • Description
    The yt-remote-session-app cookie is used by YouTube to store user preferences and information about the interface of the embedded YouTube video player.
  • Cookie
    yt-remote-cast-installed
  • Duration
    session
  • Description
    The yt-remote-cast-installed cookie is used to store the user's video player preferences using embedded YouTube video.
  • Cookie
    yt-remote-session-name
  • Duration
    session
  • Description
    The yt-remote-session-name cookie is used by YouTube to store the user's video player preferences using embedded YouTube video.
  • Cookie
    yt-remote-fast-check-period
  • Duration
    session
  • Description
    The yt-remote-fast-check-period cookie is used by YouTube to store the user's video player preferences for embedded YouTube videos.
  • Cookie
    sp_t
  • Duration
    1 year
  • Description
    The sp_t cookie is set by Spotify to implement audio content from Spotify on the website and also registers information on user interaction related to the audio content.
  • Cookie
    sp_landing
  • Duration
    1 day
  • Description
    The sp_landing is set by Spotify to implement audio content from Spotify on the website and also registers information on user interaction related to the audio content.
  • Cookie
    li_gc
  • Duration
    6 months
  • Description
    Linkedin set this cookie for storing visitor's consent regarding using cookies for non-essential purposes.
  • Cookie
    lidc
  • Duration
    1 day
  • Description
    LinkedIn sets the lidc cookie to facilitate data center selection.
  • Cookie
    yt-remote-cast-available
  • Duration
    session
  • Description
    The yt-remote-cast-available cookie is used to store the user's preferences regarding whether casting is available on their YouTube video player.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

  • Cookie
    _omappvp
  • Duration
    1 year 1 month 4 days
  • Description
    The _omappvp cookie is set to distinguish new and returning users and is used in conjunction with _omappvs cookie.
  • Cookie
    _omappvs
  • Duration
    20 minutes
  • Description
    The _omappvs cookie, used in conjunction with the _omappvp cookies, is used to determine if the visitor has visited the website before, or if it is a new visitor.
  • Cookie
    _gcl_au
  • Duration
    3 months
  • Description
    Google Tag Manager sets the cookie to experiment advertisement efficiency of websites using their services.
  • Cookie
    _ga_*
  • Duration
    1 year 1 month 4 days
  • Description
    Google Analytics sets this cookie to store and count page views.
  • Cookie
    _ga
  • Duration
    1 year 1 month 4 days
  • Description
    Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
  • Cookie
    _hjSessionUser_*
  • Duration
    1 year
  • Description
    Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site.
  • Cookie
    _hjSession_*
  • Duration
    1 hour
  • Description
    Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site.
  • Cookie
    _fbp
  • Duration
    3 months
  • Description
    Facebook sets this cookie to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising after visiting the website.
  • Cookie
    _gh_sess
  • Duration
    session
  • Description
    GitHub sets this cookie for temporary application and framework state between pages like what step the user is on in a multiple step form.
  • Cookie
    wmc
  • Duration
    1 year 1 month 4 days
  • Description
    Workable sets this cookie to assign a unique visitor ID for statistical purposes.

Performance cookies are used to understand and analyse the key performance indexes of the website which helps in delivering a better user experience for the visitors.

  • Cookie
    loglevel
  • Duration
    Never Expires
  • Description
    Squarespace sets this cookie to maintain settings and outputs when using the Developer Tools Console on the current session.

Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.

  • Cookie
    YSC
  • Duration
    session
  • Description
    Youtube sets this cookie to track the views of embedded videos on Youtube pages.
  • Cookie
    VISITOR_INFO1_LIVE
  • Duration
    6 months
  • Description
    YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
  • Cookie
    VISITOR_PRIVACY_METADATA
  • Duration
    6 months
  • Description
    YouTube sets this cookie to store the user's cookie consent state for the current domain.
  • Cookie
    yt.innertube::requests
  • Duration
    Never Expires
  • Description
    YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
  • Cookie
    yt.innertube::nextId
  • Duration
    Never Expires
  • Description
    YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
  • Cookie
    bcookie
  • Duration
    1 year
  • Description
    LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser IDs.

Other uncategorised cookies are those that are being analysed and have not been classified into a category as yet.

  • Cookie
    psdb_session
  • Duration
    2 hours
  • Description
    Description is currently not available.
  • Cookie
    patchstack_src
  • Duration
    1 year 1 month 4 days
  • Description
    Description is currently not available.
  • Cookie
    __Secure-ROLLOUT_TOKEN
  • Duration
    6 months
  • Description
    Description is currently not available.
  • Cookie
    _octo
  • Duration
    1 year
  • Description
    No description available.
  • Cookie
    logged_in
  • Duration
    1 year
  • Description
    No description available.
  • Cookie
    patchstack_app_session
  • Duration
    2 hours
  • Description
    Description is currently not available.
  • Cookie
    vulnerability_database_v2_session
  • Duration
    12 hours
  • Description
    Description is currently not available.
  • Cookie
    _impv_routing
  • Duration
    session
  • Description
    Description is currently not available.
  • Cookie
    WMF-Uniq
  • Duration
    1 year
  • Description
    Description is currently not available.
Powered by Cookieyes logo
Skip to content
Patchstack Docs

How to add security headers with Patchstack?

If you have the Patchstack plugin installed, we will automatically try to inject the security headers into the response.

If this does not work, perhaps due to an aggressive caching plugin or caching/proxy server, you may have to manually add the .htaccess rules below to your .htaccess file.

Adding the security headers automatically

Section titled “Adding the security headers automatically”

To automatically add the security headers, you need to navigate to the Patchstack App or Patchstack plugin in your WordPress dashboard.

How to do it in the Patchstack App?

  1. Navigate to your site from the Patchstack App > Sites
  2. Click on the Hardening tab
  3. Click on the .htaccess sub-tab
  4. Switch on the option “Add security headers”
  5. Scroll down and click Save settings

Adding the security headers manually

Section titled “Adding the security headers manually”

You can manually add the following security headers into the .htaccess file if you use Apache:

<IfModule mod_headers.c>
   Header set Referrer-Policy "strict-origin-when-cross-origin"
   Header set X-XSS-Protection "1; mode=block"
   Header set X-Content-Type-Options "nosniff"
   Header set X-Frame-Options "SAMEORIGIN"
   Header set Strict-Transport-Security "max-age=31536000"
   Header unset X-Powered-By
</IfModule>

If you are running nginx, add the following to the nginx configuration file and restart or reload nginx:

add_header X-Frame-Options SAMEORIGIN;  
add_header X-Content-Type-Options nosniff;  
add_header X-XSS-Protection "1; mode=block";  
add_header Strict-Transport-Security "max-age=31536000";  
add_header Referrer-Policy "strict-origin-when-cross-origin";

Additionally, in order to permanently remove the X-Powered-By header instead of using the above changes, set the expose_php value of your PHP configuration to “Off”. You may have to ask your host to make the above changes.

More help

Section titled “More help”

A more detailed guide about security headers can be found in this article: https://patchstack.com/articles/wordpress-security-headers/

In case you need help, turn to our support chat - just click the green chat bubble at the bottom right corner!

1