Conflict with HTTP Headers

  • Hi
    I would like to have a fast website and have web security. I use your plugin along with HTTP Headers and every time I test the headers I get a low score from some of the scanning sites.

    But if I delete the cache every time for some unknown reason I get a different higher score. So if I disable your plugin I get consistent scores.

    Why is your plugin causing problems with this plugin?

    Thanks

    Colin

Viewing 6 replies - 1 through 6 (of 6 total)
  • Thread Starter cjc1867

    (@cjc1867)

    It appears that your caching program is stripping out the headers, why? They are there for a purpose.

    Is there anything in the plugin settings that will prevent the headers being stripped?

    Sorry but can’t use your plugin as it now makes my website unsafe to hackers. I have spent a lot of time and effort trying to make sure my websites are safe and they aren’t.

    Can you fix it?

    You are not the only one as other caching programs do the same.

    Ben

    (@benbornschein)

    What do you mean with “stripping out the headers”?

    Thread Starter cjc1867

    (@cjc1867)

    With WP Super Cache enabled it only caches the Content only and not the headers. It will work once then no headers are sent after that.

    Therefore no web security.

    Ben

    (@benbornschein)

    What kind of headers do you send and how do you send them?

    Thread Starter cjc1867

    (@cjc1867)

    Hi Ben
    I am using a plugin to set the http headers, the plugin works until you enable caching.

    I am setting the following:
    Content Security Policy
    XSS
    X-Frame options
    X-Content type options
    Referer Policy
    HSTS

    I had B+ ie needs a bit more as it won’t parse the Content Security Policy and now I am back to F using another caching plugin (no name mentioned here).

    Caching will have to go, web security is more important.

    Colin

    Thread Starter cjc1867

    (@cjc1867)

    Thanks Ben
    I just tried your plugin and I got an ‘F’ using this website to check the headers https://observatory.mozilla.org/ as the headers aren’t included.

    They are either stripped or just not included but if security is there then they need to be implemented.

    Cheers for helping.

    Colin

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Conflict with HTTP Headers’ is closed to new replies.