Dimitar Ivanov
Forum Replies Created
-
Forum: Plugins
In reply to: [HTTP Headers] X-Content-Type-OptionsThat is because the X-Content-Type-Options is sent only with the main HTML document. In the next release, I will extend that so scripts and styles will have it too.
Regards,
Forum: Plugins
In reply to: [HTTP Headers] Few Notices & Warnings@pacart42 Thank you for reporting this bug!
The new version 1.7.1 ships a fix.Forum: Plugins
In reply to: [HTTP Headers] Request Expect-CT SupportSure!
Forum: Plugins
In reply to: [HTTP Headers] Multisite settings config needs to have proper urlThe issue was fixed in version 1.5.0
Forum: Plugins
In reply to: [HTTP Headers] Switch CSP OFF lose all settingsForum: Plugins
In reply to: [HTTP Headers] Multisite settings config needs to have proper urlScheduled for the upcoming release.
Thanks!Forum: Plugins
In reply to: [HTTP Headers] New feature – don’t show PHP version in http headerHi Colin,
I’m already working on the next version, where it will be possible to remove the X-Powered-By header. To completely remove the Server header an access to the web server configuration file is required.
However, thanks for the suggestion!
Regards,
Forum: Plugins
In reply to: [HTTP Headers] The Plugin doesn’t change my cache headersHi @cjc1867,
The problem with WP Super Cache is solved since v1.4.0 of Http Headers. You must use the Apache/htaccess method (see the Advanced settings)
Forum: Plugins
In reply to: [HTTP Headers] The Plugin doesn’t change my cache headersThis plugin does not modify the cache headers of HTML documents neither their static resources. I guess you need to find some other solution.
The main goal of this plugin is to help with securing of websites and to solve some common issues with Same-origin policy.
Forum: Plugins
In reply to: [HTTP Headers] Request to add new featuresThanks for your suggestion!
Forum: Plugins
In reply to: [HTTP Headers] Reverse the https redirectingYou need to clear your browsing data (Ctrl + Shift + Del), at least the cache.
Also, you can set the HSTS max-age directive to 0.
Forum: Plugins
In reply to: [HTTP Headers] Not save configurationThanks for your feedback!
In the versions prior the 1.3 there was two separate forms – one for the security headers and another one for the CORS headers. In case you change some settings into the first form and others in the second, after that submit the last form – only the changes to 2nd form will be saved. This unwanted behavior was removed in v1.3
Forum: Plugins
In reply to: [HTTP Headers] Content Security PolicyHi @fredclown,
I’m working on it ??
Forum: Plugins
In reply to: [HTTP Headers] Header RemovalHi @fredclown,
Definitely, I will consider it on next update. Thank you for your suggestion!
Forum: Plugins
In reply to: [HTTP Headers] The X-UA-Compatible header’s syntax isn’t valid.Hi @martychc23,
It’s true that the “chrome=1” isn’t a standard flag in “X-UA-Compatible” header, and that’s the reason the REDbot and W3C validator to show a warning about it.
Despite the fact noted above the chrome flag specifies that Google Chrome frame should start if the user has it installed.
In short, it has a purpose of having it.
P.S. Setting up this header throughout the HTTP Headers plugin gives you a choice to use the chrome flag or not.