• Resolved hayobethlehem

    (@hayobethlehem)


    In my custom WordPress template I use this code to set CSP headers. These headers get stripped out by Breeze when I switch on the cache engine. When I switch it off they reappear.

    Is it possible to fix it so the cache engine respects existing headers?

    header($headerCSP);

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author adeelkhan

    (@adeelkhan)

    Did you try with .htaccess?

    Thread Starter hayobethlehem

    (@hayobethlehem)

    Well, strict CSP headers aren’t a good idea in the WordPress backend. So the best place is in the template header.

    Respecting existing headers seems like a best practice to me, also very little performance gain to get there.

    Plugin Author adeelkhan

    (@adeelkhan)

    Please share the response headers with Breeze and without Breeze.

    Thread Starter hayobethlehem

    (@hayobethlehem)

    Breeze on:
    
    HTTP/1.1 200 OK =>
    Date => Mon, 04 Sep 2023 11:30:21 GMT
    Server => Apache
    Cache-Provider => CLOUDWAYS-CACHE-DE
    Content-Encoding => gzip
    Vary => Accept-Encoding,User-Agent
    Strict-Transport-Security => max-age=31536000; includeSubdomains; preload
    X-Frame-Options => SAMEORIGIN
    Upgrade => h2c
    Connection => Upgrade, close
    Last-Modified => Mon, 04 Sep 2023 11:28:25 GMT
    Content-Length => 4798
    Cache-Control => max-age=3600
    Expires => Mon, 04 Sep 2023 12:30:21 GMT
    X-Clacks-Overhead => GNU Terry Pratchett
    Access-Control-Allow-Methods => GET,PUT,POST,DELETE
    X-XSS-Protection => 1; mode=block
    X-Content-Type-Options => nosniff
    Referrer-Policy => strict-origin
    Access-Control-Allow-Origin => null
    Access-Control-Allow-Headers => Content-Type, Authorization
    Cross-Origin-Embedder-Policy => unsafe-none
    Cross-Origin-Opener-Policy => same-origin
    Cross-Origin-Resource-Policy => cross-origin
    Permissions-Policy => accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=, display-capture=(self), document-domain=(self), encrypted-media=(self), fullscreen=, geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), midi=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
    Content-Type => text/html; charset=utf-8

    Breeze off:

    HTTP/1.1 200 OK =>
    Date => Mon, 04 Sep 2023 11:31:36 GMT
    Server => Apache
    Link => ; rel=shortlink
    Content-Security-Policy => base-uri 'self';connect-src 'self';default-src 'self';frame-ancestors 'self';frame-src 'self';img-src data: 'self' https://i.gr-assets.com/images/S/compressed.photo.goodreads.com/books/ https://pxscdn.com;form-action 'self';font-src 'self';media-src 'self';object-src 'none';script-src 'strict-dynamic';style-src 'self';
    Strict-Transport-Security => max-age=31536000; includeSubdomains; preload
    X-Frame-Options => SAMEORIGIN
    Vary => User-Agent,Accept-Encoding
    Upgrade => h2c
    Connection => Upgrade, close
    Cache-Control => max-age=3600
    Expires => Mon, 04 Sep 2023 12:31:36 GMT
    X-Clacks-Overhead => GNU Terry Pratchett
    Access-Control-Allow-Methods => GET,PUT,POST,DELETE
    X-XSS-Protection => 1; mode=block
    X-Content-Type-Options => nosniff
    Referrer-Policy => strict-origin
    Access-Control-Allow-Origin => null
    Access-Control-Allow-Headers => Content-Type, Authorization
    Cross-Origin-Embedder-Policy => unsafe-none
    Cross-Origin-Opener-Policy => same-origin
    Cross-Origin-Resource-Policy => cross-origin
    Permissions-Policy => accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=, display-capture=(self), document-domain=(self), encrypted-media=(self), fullscreen=, geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), midi=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
    Content-Type => text/html; charset=UTF-8

    Plugin Author adeelkhan

    (@adeelkhan)

    Thanks for highlighting the point. We will definitely look into it and provide a solution in our upcoming releases.

    Plugin Author adeelkhan

    (@adeelkhan)

    The issue has been fixed in 2.0.32.

  • The topic ‘Breeze cache breaks(removes) csp header’ is closed to new replies.
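
A regression check for the behaviour reported in this thread, as an added example that is not part of the original posts or of Breeze: it parses two header dumps in the `Name => value` format posted above and lists security headers that are present in the uncached response but missing or altered in the cached one. The function names and the shortened sample dumps are constructed for illustration.

```python
# Added example: diff security headers between an uncached and a cached response.
# Header names are compared case-insensitively, as HTTP requires.
SECURITY_HEADERS = (
    "content-security-policy", "content-security-policy-report-only",
    "strict-transport-security", "x-frame-options", "x-content-type-options",
    "referrer-policy", "permissions-policy", "cross-origin-opener-policy",
    "cross-origin-embedder-policy", "cross-origin-resource-policy",
)

def parse_dump(text):
    """Parse 'Name => value' lines into {lowercased name: [values]}."""
    headers = {}
    for line in text.splitlines():
        name, sep, value = line.strip().partition(" => ")
        if not sep or name.upper().startswith("HTTP/"):
            continue  # skip blank lines and the status line
        headers.setdefault(name.lower(), []).append(value.strip())
    return headers

def stripped_by_cache(uncached, cached, watch=SECURITY_HEADERS):
    """Return (missing, changed) watched headers, relative to the uncached dump."""
    a, b = parse_dump(uncached), parse_dump(cached)
    missing = [h for h in watch if h in a and h not in b]
    changed = [h for h in watch if h in a and h in b and a[h] != b[h]]
    return missing, changed

# Constructed sample dumps, shortened to a few headers in the thread's format.
UNCACHED = """\
HTTP/1.1 200 OK =>
Server => Apache
Content-Security-Policy => default-src 'self';object-src 'none';
Strict-Transport-Security => max-age=31536000; includeSubdomains; preload
X-Frame-Options => SAMEORIGIN
Content-Type => text/html; charset=UTF-8
"""
CACHED = """\
HTTP/1.1 200 OK =>
Server => Apache
Strict-Transport-Security => max-age=31536000; includeSubdomains; preload
X-Frame-Options => SAMEORIGIN
Content-Type => text/html; charset=utf-8
"""

if __name__ == "__main__":
    missing, changed = stripped_by_cache(UNCACHED, CACHED)
    for h in missing:
        print("missing when cached:", h)
    for h in changed:
        print("value differs when cached:", h)
    raise SystemExit(1 if missing or changed else 0)
```

Run against real dumps taken with the page cache warm and cold, a non-zero exit makes the check usable as a post-deploy gate after plugin updates.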