.htaccess Security Header Rules

The RewriteEngine On line (as you have indicated) isn’t necessary, and pertains to a different module, mod_rewrite. You should remove it from the mod_headers block.

It’s possible that you don’t have the Headers Apache module installed or activated on your host. If it is possible to run the test with some breakage, you could try removing the If block and running the commands in the parent context. If it fails, that’s a good indication that it wasn’t working because Headers wasn’t installed.

If you are on a Debian system (Ubuntu, etc) you can enable the Headers Apache module like so via SSH:

sudo a2enmod headers
sudo service apache2 restart

Related Posts:

  1. Rewrite /?rest_route=/ link to /wp-json/ without changing default permalink structure in apache
  2. index.php not loading in main folder of wordpress
  3. Redirect from different port to subdomain – htaccess
  4. WordPress 404 on Subdomain
  5. Only expose routes with prefix /wp-json on WordPress using Apache
  6. What’s the opposite of required valid user in .htaccess authentication
  7. How can i redirect one url to another url using .htaccess or add_rewrite_rule
  8. Override htacces rule only for specific directory
  9. Restrict uploaded files into a custom folder to logged in users by htaccess: looking for Nginx – not only Apache – solution
  10. How do I test to ensure that my wp-config file is protected?
  11. mod_rewrite loop, redirecting http to https on certain section of wordpress blog
  12. .htaccess in subdir gets ignored by WordPress’ own .htaccess in /
  13. Directing subdomain to main domain and keeping the subdomain format with .htaccess
  14. WordPress – Promoting A Dev Build In A Subdirectory To Production / Root Directory
  15. Redirect old domain with query paramaters
  16. Does WP suppresses .htaccess if permalinks are disabled?
  17. fix 302 redirection error on https
  18. Access sub-domain when root public_html is protected with .htaccess password
  19. Accepting special characters in querystring
  20. WordPress permalinks confusion
  21. Configure .htaccess to have a WordPress single site installation with all subdomains pointing to the same pages?
  22. Unable leverage Browser Caching on AWS Bitnami stack (Apache) through W3TC and Cloudfront CDN
  23. How to move wordpress website from hosting account to localhost
  24. How to block wordpress admin by htaccess
  25. I can access subdirectory, but not files within it
  26. WordPress redirection
  27. How To Add CSP frame ancestors in WordPress Website? [closed]
  28. Subfolder install not working
  29. Browser Caching .htaccess
  30. .htaccess redirect http to https
  31. Redirect old php link to wordpress link in .htaccess
  32. Static raw HTML page
  33. htaccess rewrite for author query string when WP is in subfolder
  34. Why “Settings->Permalinks” creates .htaccess file on nginx server?
  35. .htaccess for wordpress inside another wordpress install
  36. .htaccess file redirecting to parent directory
  37. WordPress in sub directory wp-admin problem
  38. Rewrite rule not working
  39. Using “wordpress_logged_in” to restrict direct access to uploads folder in 2021
  40. Temporary .htaccess blocking is disabling WP Crons from running?
  41. .htaccess redirects disappeared after re-saving permalinks
  42. How have I misconfigured basic auth for my wordpress site?
  43. WordPress trims off the forward slash when import
  44. WordPress multilingual website domain and folders
  45. Attach to wp-login.php and xmlrpc.php
  46. XMLRPC filtering through htaccess not working
  47. Corrupt .htaccess file
  48. Rule to redirect non logged in User to Custom Registration/login Page in .htaccess file
  49. Cache policy not updated according to PageSpeed
  50. How to redirect http://mydomain/blog/blahblah/ to http://mydomain/blahblah/ in wordpress htaccess?
  51. When is it necessary to have Header unset Vary in .htaccess
  52. Redirect http to https does not work on subdir where another instance of WordPress installed
  53. redirect the homepage using .htaccess outside of WordPress
  54. Https Redirect infinite loop in Mobile browsers
  55. 403 error on admin login page
  56. HTTP Error 406 always on site?
  57. Point all URLs to homepage but maintain URL
  58. htaccess working on local server but not on live server
  59. Page preview is shown, updating page gives 404 error
  60. External content won’t load in iframe in Safari
  61. How to write .htaccess so that https is on for subpages only but not the home page
  62. Custom rewrite rule, url returning 404
  63. mod_rewrite doesn’t work as I want even with JSON API Plugin disabled
  64. WordPress .htaccess file gives issues with subdirectory
  65. Need help rebuilding lost htaccess file
  66. W3 Total Cache CSS & JS files GZip issues [closed]
  67. WP Super Cache unable to locate cache file for only the homepage
  68. Cannot login to WordPress site after changing .htaccess for security purposes
  69. WordPress permalink, stop redirection
  70. How to rename index.php to home.php
  71. add_rewrite_rule to remove /category/ from permalink
  72. .htaccess Non-‘www’ to ‘www’ Subdomain Redirection Only Works for Homepage
  73. Non WordPress Folder in a WordPress Site
  74. Moving wordpress to different url/server creates redirect loop
  75. Htaccess rewrite based on query string, not working [closed]
  76. Redirect all subdomains to root domain
  77. Change root directory
  78. .htaccess redirect not properly working [ ?utm_source=]
  79. How to execute WordPress as though it is in the root folder while it is installed in a subdirectory?
  80. Htaccess maintenance page rules that actually work with WordPress?
  81. Multisite htaccess file causing segfault (Segmentation fault 11)
  82. How to allow only vpn access to dashboard on Bitnami WordPress by IP address restricting
  83. Blocking wp-login in HTACCESS has also blocked password protected pages
  84. htaccess redirect to path
  85. Non-wordpress subdomain on Multisite Installation
  86. Downloading zip or tar.gz inside WordPress installation?
  87. Rewrite rules and maintain URL
  88. Subfolder renaming
  89. Targeting .htaccess file with file_put_contents
  90. Redirect Loop in Regex Moving to HTTPS
  91. .htaccess file changes disappear
  92. WordPress login bug. Need an emergency solution
  93. .htaccess and virtual host configuration for WP in its own directory
  94. 403 forbidden due to .htaccess?
  95. Issue after changing permalink structure [duplicate]
  96. Can’t get pretty permalinks to work without index.php
  97. Where is the htaccess in wordpress.com hosting?
  98. Debug errors for “Destination directory for file streaming does not exist or is not writable”
  99. Url redirection using htacess for my website
  100. .htaccess seems to be required but I can not find it