XenVn SEO Check - Xenforo Optimization Guide


XenVn SEO Check is a tool integrated into the XenVn addon. Its purpose is to help you easily check the settings that optimize performance, security and SEO score for Xenforo.
Access it at URL: admin.php?xv/seo

Checklist of items and optimization instructions:
[HTTPS]: Your domain name must be HTTPS

Go to URL: admin.php?options/groups/basicBoard/#boardUrl and check the domain name setting in the Board URL section. Your server must also have an SSL certificate set up.

[TLS] SSL connection using TLSv1.2 or TLSv1.3. TLS 1.3 is faster and more secure than TLS 1.2.
1. If you are using apache2:
- Go to the VirtualHost management file. For example: apache\conf\extra\httpd-vhosts.conf
- Find the line <VirtualHost *:443> which contains the configuration for your domain.
- Add the following lines below the SSLEngine on line:
[APACHECONF code block (3 lines): You must log in to view]
- Check for syntax errors with the SSH command: apachectl configtest
- Restart the apache server with the SSH command: sudo apachectl restart

2. If you are using Cloudflare:
Go to SSL/TLS -> Edge Certificates:
+ Always Use HTTPS: On
+ Minimum TLS Version: TLS 1.2
+ TLS 1.3: On
+ Automatic HTTPS Rewrites: On

[SSL] SSL certificate verify ok. SSL certificates are what enable websites to use HTTPS. An SSL certificate is a data file hosted in a website's origin server.
- If you are using hosting, your provider may have provided you with a free and automatic SSL certificate.
- If you are using a VPS, you will need to set up an SSL certificate yourself. You can use free SSL services or purchase them.
- If you are using Cloudflare, they will provide you with a free SSL certificate. Set it up at: SSL/TLS -> Edge Certificates

[Protocols] using HTTP/2. HTTP/2 will make our applications faster, simpler, and more robust.
1. If you are using apache2:
- Go to the HTTPD management file. For example: apache\conf\httpd.conf
- Add the following lines at the end, ending with a blank line:
[APACHECONF code block (2 lines): You must log in to view]
- Check for syntax errors with the SSH command: apachectl configtest
- Restart the apache server with the SSH command: sudo apachectl restart

2. If you are using Cloudflare:
HTTP/2 is enabled by default when you set up SSL certificates.

[HTTP-Status-Code]: The server should return a status code in the 200s for all valid URLs.
If the return code is not 200, check your server settings.

[Cookie-Secure]: The Secure flag specifies that the cookie may only be transmitted using HTTPS connections (SSL/TLS encryption).
Standard template structure for Xenforo:
set-cookie: __Secure-XV_csrf=********; HttpOnly; SameSite=Lax; Secure; Path=/

Open Xenforo configuration file at: src\config.php
- Add the following lines at the end:
[PHP code block (3 lines): You must log in to view]

1. If you are using apache2:
- Go to the HTTPD management file. For example: apache\conf\httpd.conf
- Add the following lines at the end, ending with a blank line:
[APACHECONF code block (3 lines): You must log in to view]

2. If you are using Cloudflare:
No setup on Cloudflare. It needs to be set up on the server.

[Compress]: Content encoding is mainly used to compress content without losing information about the original media type.
Common encoding types: gzip, compress, deflate, br, zstd, dcb, dcz

1. If you are using apache2:
- Go to the HTTPD management file. For example: apache\conf\httpd.conf
- Add the following lines at the end, ending with a blank line:
[APACHECONF code block (1 line): You must log in to view]
- Check for syntax errors with the SSH command: apachectl configtest
- Restart the apache server with the SSH command: sudo apachectl restart

2. If you are using Cloudflare:
Enabled by default.

[HSTS] Strict-Transport-Security: Tells the browser that the site should only be accessed using HTTPS.
Standard template structure: strict-transport-security: max-age=15552000; includeSubDomains

1. If you are using apache2:
- Go to the HTTPD management file. For example: apache\conf\httpd.conf
- Add the following lines at the end, ending with a blank line:
[APACHECONF code block (1 line): You must log in to view]
- Check for syntax errors with the SSH command: apachectl configtest
- Restart the apache server with the SSH command: sudo apachectl restart

2. If you are using Cloudflare:
Go to SSL/TLS -> Edge Certificates -> HTTP Strict Transport Security (HSTS)
+ Enable HSTS (Strict-Transport-Security): On
+ Max Age Header (max-age): 6 months
+ Apply HSTS policy to subdomains (includeSubDomains): On
+ No-Sniff Header: On

[MIME Sniffing] X-Content-Type-Options: It indicates that the MIME types advertised in the Content-Type header must be respected and not changed.
Standard template structure: x-content-type-options: nosniff

1. If you are using apache2:
- Go to the HTTPD management file. For example: apache\conf\httpd.conf
- Add the following lines at the end, ending with a blank line:
[APACHECONF code block (2 lines): You must log in to view]
- Check for syntax errors with the SSH command: apachectl configtest
- Restart the apache server with the SSH command: sudo apachectl restart

2. If you are using Cloudflare:
Go to SSL/TLS -> Edge Certificates -> HTTP Strict Transport Security (HSTS)
+ No-Sniff Header: On

[CSP] Content Security Policy: It is a feature that helps prevent or reduce the risk of certain types of security threats.
Standard template structure: content-security-policy: default-src 'self' https: blob: data: wss: 'unsafe-inline' 'unsafe-eval'

1. If you are using apache2:
- Go to the HTTPD file. For example: apache\conf\httpd.conf
- Add the following lines at the end, ending with a blank line:
[APACHECONF code block (1 line): You must log in to view]
- Check for syntax errors with the SSH command: apachectl configtest
- Restart the apache server with the SSH command: sudo apachectl restart

2. If you are using Cloudflare:
- Go to: Rules -> Overview -> Create rule -> Response Header Transform Rules
- Rule name: Content-Security-Policy
- If incoming requests match: All incoming requests
- Select item: Set static
- Header name: Content-Security-Policy
- Value: default-src 'self' https: blob: data: wss: 'unsafe-inline' 'unsafe-eval'

[PHP-Version]: The minimum recommended PHP version is 8.0.0. Outdated versions have potential security vulnerabilities.
You must manually set up the PHP version on your server.

[PHP-OPcache] OPcache improves PHP performance by storing precompiled script bytecode in shared memory.
1. If you are using apache2:
- Go to the PHP Ini file. For example: php\php.ini
- Find line ;zend_extension=opcache, remove the ; at the beginning
- Find line ;opcache.enable= replace with (remove the ; at the beginning): opcache.enable=1
- Add below the following line: opcache.jit=0
- Restart the apache server with the SSH command: sudo apachectl restart
- Restart the PHP with the SSH command: systemctl restart php8.4-fpm
(The command may vary depending on the server, replace 8.4 with the PHP version you are using)

2. If you are using Cloudflare:
No setup on Cloudflare. It needs to be set up on the server.

[XF-Cache] Setting up caching can be beneficial to save processing time and database queries.
Recommended providers: Memcached, Redis. You must set up the cache provider on your server yourself first.

1. If you are using apache2:
Install Redis:
- To install Redis use the following command: sudo apt install php-redis redis-server
- Open the file /etc/redis/redis.conf
- Find the line supervised and replace it with: supervised systemd
- Find line # requirepass replace with (remove the # at the beginning): requirepass your-cache-password
- Restart the redis server with the SSH command: sudo systemctl restart redis

2. If you are using Cloudflare:
No setup on Cloudflare. It needs to be set up on the server.

3. Redis Configuration for Xenforo:
- Open Xenforo configuration file at: src\config.php
- Add the following lines at the end:
[PHP code block (8 lines): You must log in to view]

[XF-Guest-Cache] Cache content for visitors, not members.
The content the visitor views will be cached, and not updated in real time (only updated when cache expires, default 5 minutes). You must complete [XF-Cache] setup before setting up [XF-Guest-Cache]

Redis Configuration for Xenforo:
- Open Xenforo configuration file at: src\config.php
- Add the following lines at the end:
[PHP code block (8 lines): You must log in to view]

[XF-PWA] Progressive Web Apps
A progressive web app (PWA) is an app that's built using web platform technologies, but that provides a user experience like that of a platform-specific app.
Set the required parameters correctly at the URL: admin.php?pwa/

[JS-Cache], [CSS-Cache], [IMG-Cache], [SVG/WOFF-Cache], [Attachment-IMG-Cache]: Set Cache-Control for static files (js, css, image, font)
Standard template structure: cache-control: public, max-age=31536000
For [Attachment-IMG-Cache], you need to enable the following option: XenVn Setting -> Attachments -> View All Image Attachments: Enable

1. If you are using apache2:
- Go to the HTTPD file. For example: apache\conf\httpd.conf
- Add the following lines at the end, ending with a blank line:
[APACHECONF code block (3 lines): You must log in to view]
- Check for syntax errors with the SSH command: apachectl configtest
- Restart the apache server with the SSH command: sudo apachectl restart

2. If you are using Cloudflare:
Static files such as images and JavaScript are cached automatically. You need to set up caching for image attachments and CSS URLs.
- Go to: Caching -> Cache Rules -> Create rule
- Create 2 new rules with the following parameters:
Rule 1 (for XF CSS file):
+ Rule name: CSS Cache
+ If incoming requests match: Custom filter expression
+ Field: URI Query String
+ Operator: wildcard
+ Value: css=*
+ Cache eligibility: Bypass cache
+ Browser TTL: Override origin and use this TTL
+ Input time-to-live (TTL): 1 year

Rule 2 (for XF Image Attachments):
+ Rule name: Webp / Gif Cache
+ If incoming requests match: Custom filter expression
+ Field: URI Path
+ Operator: contains
+ Value: -webp.
+ Press Or button, Add the following parameters:
+ Field: URI Path
+ Operator: contains
+ Value: -gif.
(if XF 2.2 add Jpg / Png):
+ Press Or button, Add the following parameters:
+ Field: URI Path
+ Operator: contains
+ Value: -jpg.
+ Press Or button, Add the following parameters:
+ Field: URI Path
+ Operator: contains
+ Value: -png.
+ Cache eligibility: Bypass cache
+ Browser TTL: Override origin and use this TTL
+ Input time-to-live (TTL): 1 year


(The article will continue to be updated...)
 
Last edited:
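
An added example, not part of the original post and not XenVn's code: a Python check of one response's headers against the template values listed in the guide above (HSTS, nosniff, Secure cookie, CSP, Cache-Control). The thresholds, finding strings and sample response are assumptions of this example; it also reports CSP script sources that a presence-only check would not show.

```python
# Thresholds are the guide's template values (assumed here, not XenVn's own logic).
HSTS_MIN_AGE, STATIC_MIN_AGE = 15552000, 31536000
WEAK_SCRIPT_SOURCES = {"'unsafe-inline'", "'unsafe-eval'", "https:", "http:", "data:", "*"}

def directives(value, sep):
    """Parse 'a; b=1' (or comma-separated) header values into {name: arg}."""
    pairs = (part.strip().partition("=") for part in value.split(sep))
    return {n.strip().lower(): a.strip() for n, _, a in pairs if n.strip()}

def max_age(parsed):
    value = parsed.get("max-age", "")
    return int(value) if value.isdigit() else -1

def audit(headers, static=False):
    """Return findings for one response given as (name, value) header pairs."""
    seen, findings = {}, []
    for name, value in headers:
        seen.setdefault(name.lower(), []).append(value)
    first = lambda name: seen.get(name, [""])[0]
    hsts = directives(first("strict-transport-security"), ";")
    if max_age(hsts) < HSTS_MIN_AGE:
        findings.append("HSTS: missing or max-age too short")
    elif "includesubdomains" not in hsts:
        findings.append("HSTS: includeSubDomains not set")
    if first("x-content-type-options").strip().lower() != "nosniff":
        findings.append("MIME Sniffing: nosniff not set")
    for cookie in seen.get("set-cookie", []):  # every Set-Cookie line is checked
        pair, _, attrs = cookie.partition(";")
        if "secure" not in directives(attrs, ";"):
            findings.append("Cookie-Secure: %s lacks Secure" % pair.split("=")[0].strip())
    parts = [d.lower().split() for d in first("content-security-policy").split(";")]
    csp = {t[0]: t[1:] for t in reversed(parts) if t}  # first occurrence wins
    if not csp:
        findings.append("CSP: header missing")
    # script-src governs scripts when present; default-src is the fallback.
    weak = WEAK_SCRIPT_SOURCES.intersection(csp.get("script-src", csp.get("default-src", [])))
    if weak:
        findings.append("CSP: scripts allowed from " + " ".join(sorted(weak)))
    if static and max_age(directives(first("cache-control"), ",")) < STATIC_MIN_AGE:
        findings.append("Cache: max-age below one year")
    return findings

# Constructed response carrying exactly the guide's template header values.
GUIDE = [("Strict-Transport-Security", "max-age=15552000; includeSubDomains"),
         ("X-Content-Type-Options", "nosniff"),
         ("Set-Cookie", "__Secure-XV_csrf=x; HttpOnly; SameSite=Lax; Secure; Path=/"),
         ("Cache-Control", "public, max-age=31536000"),
         ("Content-Security-Policy", "default-src 'self' https: blob: data: wss: 'unsafe-inline' 'unsafe-eval'")]
print(audit(GUIDE, static=True))
```

On the guide's template values the only finding is the CSP one: the header is present, but 'unsafe-inline', 'unsafe-eval' and the scheme-wide https: and data: sources still permit inline, eval'd and any-origin script.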
Hi @xenvn,


First of all, thank you very much for these explanations you wrote one by one.

Unfortunately, some settings do not make the SEO values turn “green”.

I use Cloudflare, but the color of the following settings always remains red.

[Protocols] Not configured [?]
[HTTP-Status-Code] Not configured [?]
[Cookie-Secure] Not configured [?]
[CSP] Not configured [?]
[PHP-OPcache] Not configured [?]
[Attachment-IMG-Cache] Cache-Control: public,max-age=2592000 [?]
[Links-Name] <a href="/..." class="avatar avatar--s"><img src="/data/resource_icons/5/5880.jpg?1745056785 " alt="Text" loading="lazy" /></a> [?]

I have examined the settings in the first 3 rows, but the change does not occur.
Where should we check “HTTP/2 is enabled by default when you set up SSL certificates.” for Protocols? This option is active but it is red again.

Where should we set “If the return code is not 200, check your server settings.” for HTTP-Status-Code?

I added the codes you gave for Cookie-Secure to the config.php file but it is red again :(

Will we never be green because we use Cloudflare for CSP?

Will we never be green because we use Cloudflare for PHP-OPcache?
 