A+ at first check and then F

  • Resolved erikwillemse

    (@erikwillemse)


    2 years, 11 months ago

    Hi there,
    I have installed your plugin and the first test on https://securityheaders.com/ gave an A+
    And I could also submit my site to https://hstspreload.org/.

    But minutes later, testing again gives an F.

    And none of the crucial headers are there anymore.

    the hsts preload form says “has changed its behaviour since it was submitted, and will not be added to the official preload list unless the errors below are resolved” with the following error:
    Response error: No HSTS header is present on the response

    Have you seen this behaviour before? Any suggestions where I should look first for an answer?

    Thx. Erik

    • This topic was modified 2 years, 11 months ago by erikwillemse.
Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter erikwillemse

    (@erikwillemse)

    Hi Andrea,

    I have already 4.6.5 installled so that did not solve the issue. I will keep a close watch on 4.7.0 when it becomes available.

    In the meantime, I have been able to do some extra research. I am using WP Rocket and it seems there are some issues with security headers via the PHP header() function.

    The article is in Dutch but Google Translate makes it comprehensable in English: https://www.timdehoog.nl/2018/08/02/wp-rocket-verwijderd-php-security-headers/

    The problem he is describing seems to be exactly what I was experiencing. I hope this help?

    gr. Erik

    Thread Starter erikwillemse

    (@erikwillemse)

    BTW: this is what WP rocket is saying about it.
    https://docs.wp-rocket.me/article/1487-security-headers-are-missing

    I am assuming that you are currently not making any changes to the htaccess file and it seems, as I am using an Apache server, adding the headers in the htaccess file, after the WP Rocket block of rules, is the only option.

    But in that case, I would not be needing/using your plugin?
    Do you have plans (maybe already in the latest version) to alter the htaccess file?

    Thread Starter erikwillemse

    (@erikwillemse)

    Version 4.7.0 indeed seems to have solved the issue. It now seems to work fine together with WP Rocket.

    Thx!

    Plugin Author Andrea Ferro

    (@unicorn03)

    Hi @erikwillemse Thanks for your feedback we are really happy to have helped you… We are improving Headers Security Advanced & HSTS WP every day and trying to make and keep the plugin simple but effective.

    Don’t hesitate to contact us if you need any help.

    Happy Holidays

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘A+ at first check and then F’ is closed to new replies.