http headers have no effect on my website

  • hello dear support,
    I have a problem with the plugin on my website, it seems that the HTTP security headers have no effect, try everything, disable plugin, reinstall, directly apply the following policies in the .htaccess file:

    Header always set X-Content-Type-Options “nosniff”
    Header set X-Frame-Options “SAMEORIGIN”
    Header set X-XSS-Protection “1; mode = block”
    Header set X-Permitted-Cross-Domain-Policies “none”
    Header set Strict-Transport-Security “max-age = 31536000; includeSubDomains; preload” env = HTTPS
    Header set Referrer-Policy “strict-origin”
    Header set Cross-Origin-Resource-Policy “same-site”
    Header set Cross-Origin-Embedder-Policy “unsafe-none”
    Header set Cross-Origin-Opener-Policy “same-origin”
    Header set Permissions-Policy “camera = (), geolocation = (), microphone = (), midi = ()”

    but never have any effect either directly or with the plugin, any idea why this could happen?
    use the following website to check if the headers work https://securityheaders.com/

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)

  • Not working for me either. Plugin author maybe can comment? Why even without plugin when adding rules manually does not work? Where could be the problem? In other website everything is working ok.

    edited: Only working in php mode (deprecated) WHY?

    • This reply was modified 3 years, 11 months ago by gedimazs.
Viewing 1 replies (of 1 total)
  • The topic ‘http headers have no effect on my website’ is closed to new replies.