{"id":17686,"date":"2019-07-17T14:34:44","date_gmt":"2019-07-17T18:34:44","guid":{"rendered":"https:\/\/www.boldgrid.com\/support\/?p=17686"},"modified":"2020-03-12T14:39:20","modified_gmt":"2020-03-12T18:39:20","slug":"avoid-unnecessary-headers","status":"publish","type":"post","link":"https:\/\/www.boldgrid.com\/support\/boldgrid-speed-coach-product-guide\/avoid-unnecessary-headers\/","title":{"rendered":"Avoid Unnecessary Headers"},"content":{"rendered":"<!DOCTYPE html PUBLIC \"-\/\/W3C\/\/DTD HTML 4.0 Transitional\/\/EN\" \"http:\/\/www.w3.org\/TR\/REC-html40\/loose.dtd\">\n<?xml encoding=\"utf-8\" ?><html><body><h2 id=\"what-headers-are-unnecessary\"><span style=\"font-weight: 400;\">What headers are unnecessary?<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">There are several headers commonly sent by web pages that have been replaced by newer headers or that reveal information about the web page that an attacker could use when probing the website for weaknesses.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Some common obsolete headers are the Pragma header, the P3P header, and the X-Frame-Options header. The Pragma header is commonly used to control caching settings, but the Cache-Control header should be used instead. The P3P header was intended to tell browsers what information a website collects about its visitors, but the header was never widely adopted or implemented in modern browsers. The X-Frame-Options header tells browsers if they should render &lt;frame&gt;, &lt;iframe&gt;, &lt;embed&gt;, or &lt;object&gt; tags on a page. The X-Frame-Options header was supposed to provide security against attacks using those tags, but it has been replaced by the Content-Security-Policy header.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The Server and X-Powered-By headers tell visitors the web server software, such as Apache or NGINX, used to serve the web page and the application, such as WordPress, that generated the web page. 
Although there are other ways to detect the web server or web application used to load a web page, removing these unnecessary headers helps make the website a little more secure.<\/span><\/p>\n<\/body><\/html>\n","protected":false},"excerpt":{"rendered":"<p>What headers are unnecessary? There are several headers commonly sent by web pages that have been replaced by newer headers or that reveal information about the web page that an attacker could use when probing the website for weaknesses.&nbsp; Some common obsolete headers are the Pragma header, the P3P header, and&nbsp; the X-Frame-Options header. The [&hellip;]<\/p>\n","protected":false},"author":1071,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"bgseo_title":"","bgseo_description":"","bgseo_robots_index":"index","bgseo_robots_follow":"follow","footnotes":""},"categories":[651],"tags":[666],"class_list":["post-17686","post","type-post","status-publish","format-standard","hentry","category-boldgrid-speed-coach-product-guide","tag-best-practices","feature-type-free"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.boldgrid.com\/support\/wp-json\/wp\/v2\/posts\/17686","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.boldgrid.com\/support\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.boldgrid.com\/support\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.boldgrid.com\/support\/wp-json\/wp\/v2\/users\/1071"}],"replies":[{"embeddable":true,"href":"https:\/\/www.boldgrid.com\/support\/wp-json\/wp\/v2\/comments?post=17686"}],"version-history":[{"count":1,"href":"https:\/\/www.boldgrid.com\/support\/wp-json\/wp\/v2\/posts\/1
7686\/revisions"}],"predecessor-version":[{"id":17687,"href":"https:\/\/www.boldgrid.com\/support\/wp-json\/wp\/v2\/posts\/17686\/revisions\/17687"}],"wp:attachment":[{"href":"https:\/\/www.boldgrid.com\/support\/wp-json\/wp\/v2\/media?parent=17686"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.boldgrid.com\/support\/wp-json\/wp\/v2\/categories?post=17686"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.boldgrid.com\/support\/wp-json\/wp\/v2\/tags?post=17686"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}