 welcome everybody and let's get started. For this tutorial I'm going to be using securityheaders.com just so we can check the security headers of the website that we're going to be fixing today and to do this navigate to securityheaders.com and simply enter your website URL in here or your IP address. So I'm going to do that and by the way I might end up hiding this website because it's not mine. I mean I don't see it as a big deal but I might end up hiding it anyway. So I'm going to enter the website URL in here and click scan. So as you can see we get the security report summary and we get a grade of F which is not great and these are the security headers that are not set. So I'm going to show you how to fix them right now and then we can re-scan the website and see whether it has worked. So let's go to your server which is the web hosting manager in this video and let's login. As you can see I've zoomed in quite a lot just so you can see a little bit better and here on the top left corner where the search bar is search for Apache configuration. Here it is under service configuration click Apache configuration and then if you scroll down a little bit you will see this include editor. Click on include editor and then scroll down a little bit more and here under pre-main include we have this section here which states I wish to edit the pre-main configuration include four. Now we need to select here and select all versions. Inside here we have this big text input and all we need to do is paste the security headers that we need. So I've already copied them there will be available in the description below if you wish to copy and paste them. Here they are but of course feel free to look into each header individually and set it the way you like and the way they work for your website and once you're done click update and by the way I would definitely suggest you add in them one by one and just test in your website as well. So let's update this and press restart Apache. You do need to restart it otherwise it's not going to work. All right now that we have Apache restarted successfully let's go back to the security headers.com website and click scan again. As you can see the security report summary is now A and we have all the headers in green but the only one that we don't have in green inside here is the content security policy. I might include that in the description below as well but the reason that I didn't add this one for this specific website is because I believe that it was blocking some of the JavaScript and things were not looking good. The website wasn't working and that's why I decided to leave it without this one here and leave it as A and that's pretty much it. One more thing that I wanted to mention is that now all of the websites that I hosted under your WHM or web hosting manager will have the same headers that we just set so you don't have to do this individually for every single website which in a way is great I guess and that's pretty much everything. I hope that you found this tutorial useful. Smash the like button, please comment below and consider subscribing. Hopefully I will see you in the next one. Thank you very much for watching.