SecurityHeaders.com No Longer Recognizing Policies

  • Hello,

    Up until last week I scored an “A” on SecurityHeaders.com for the past year or more. For some reason it is no longer recognizing the Content Security Policy, X-Frame Options, Referrer Policy & Permissions Policy. I haven’t changed any settings so I am unsure what happened.

    Any help is appreciated.

    Thanks,

    Stephen

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Dimitar Ivanov

    (@zinoui)

    I looked at response headers of your website and I found these: Content-Securoty-Policy, X-Frame-Options, and Referrer-Policy.

    You haven’t the Permissions-Policy header (actually you have Feature-Policy).

    You may verify it here:
    https://zinoui.com/tools/headers-inspector?url=https%3A%2F%2Fwww.auction-savvy.com%2F

    Alternatively, you can inspect your headers using the Chrome DevTools.

    I really don’t know why securityheaders.com doesn’t recognize those headers.

    Hi,

    In my case, I changed to “Use PHP to send headers (deprecated)” in Advanced settings on non Apache web servers.

    Thread Starter auctionsavvy

    (@auctionsavvy)

    Thanks for the tip! I just tried the PHP option and there was no change on SecurityHeaders.com – still a D score. My Security score on WebPageTest went from A to D when I switched to PHP. There may be a glitch with SecurityHeaders.com because sometimes when I check it registers and A score and at others times, like today, a D score.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘SecurityHeaders.com No Longer Recognizing Policies’ is closed to new replies.