HTTP Headers not detected

  • I have activated and setup HTTP headers however on the scan here: https://securityheaders.com & Really Simple SSLSecurity Headers Scan, the following headers which I have enabled are still not showing up:

    Content-Security-Policy, X-Frame-Options, Referrer-Policy, Permissions-Policy, HTTP Strict Transport Security, X-XSS-Protection

    These are detected:

    Strict-Transport-Security & X-Content-Type-Options are being picked up.

    I tried disabling WP Super Cache in case it was stripping the headers but it didn’t fix it.

    Any ideas why this headers aren’t working?

    Many thanks

    Alex

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)

  • I was hoping you had a solution as I have a similar issue. However, looking at your page, I can see headers suggesting that you are using Cloudflare as a CDN. You don’t say where you are setting the http headers – if you haven’t set them in Cloudflare, try there and see if they then work.

Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this topic.