Changes are not shown by CloudFlare

Hi @alaid, Thank you for downloading the Headers Security Advacned & HSTS WP plugin. I’m glad you like the plugin.

This is Andrea and will help you with the issue you are experiencing as quickly as possible. Could you please confirm me the version of the plugin (final version 5.0.04)?

Some tests to do:
– disable and delete the plugin and reinstall it
– clear the Cloudflare cache and see if anything changes on your end.

If the above tests didn’t bring any results you can directly from cloudflare settings disable the headers and use those of the plugin (cloudflare forces the use of some headers).

For further information or doubts I am at your disposal.

Hi Andrea,

How to disable headers in CloudFlare?

What are the options that I should disable?

Thanks

Hi @alaid,
don’t worry, now let’s try to solve the problem you are experiencing ??. I will detail the steps to disable the basic functionality of cloudflare only for the part of HSTS and security headers.

Are you ready? let’s get started, first access the CloudFlare login page, here is the link to access the login directly:

https://dash.cloudflare.com/login/

Disable HSTS
To disable HSTS on your website:

• Log in to the Cloudflare dashboard and select your account.
• Select your website.
• Go to SSL/TLS > Edge Certificates.
• For HTTP Strict Transport Security (HSTS), click Enable HSTS.
• Set the Max Age Header to 0 (Disable).
• If you previously enabled the No-Sniff header and want to remove it,
  set it to Off.
• Click Save.

Disable security headers

Clear the transformation rules (Rules > Transformation Rules) to remove the response headers that CloudFlare is using. This will allow you to use the security headers from the Headers Security Advanced & HSTS WP plugin.

I hope I have given you some help with cloudflare settings. If you need any further help or information I am here specifically to help you.`

Hi Andrea,

Thanks for all the directions, I followed each one step by step finding that everything is disabled.

This led me to do several tests, as I use WP-Rocket I proceeded to clear the cache of the home page and test, indeed I got an A+, but after a few seconds if I try again, the F appears again, then I removed the home page from the cache for a few minutes and the A+ remained, then I added it back to the cache and the A+ remained.

Thanks.

@unicorn03 While I know you have the best of intentions, it’s forum policy that you not ask users for admin or server access. Users on the forums aren’t your customers, they’re your open source collaborators, and requesting that kind of access can put you and them at high risk.

If they are paying customers (such as people who bought a premium service/product from you) then by all means, direct them to your official customer support system. But in all other cases, you need to help them here on the forums.

Thankfully are other ways to get information you need:

• Ask the user to install the Health Check plugin and get the data that way.
• Ask for a link to the https://pastebin.com/ or https://gist.github.com log of the user’s web server error log.
• Ask the user to create and post a link to their phpinfo(); output.
• Walk the user through enabling WP_DEBUG and how to log that output to a file and how to share that file.
• Walk the user through basic troubleshooting steps such and disabling all other plugins, clear their cache and cookies and try again (the Health Check plugin can do this without impacting any site vistors).
• Ask the user for the step-by-step directions on how they can reproduce the problem.

You get the idea.

We know volunteer support is not easy, and this guideline can feel needlessly restrictive. It’s actually there to protect you as much as end users. Should their site be hacked or have any issues after you accessed it, you could be held legally liable for damages. In addition, it’s difficult for end users to know the difference between helpful developers and people with malicious intentions. Because of that, we rely on plugin developers and long-standing volunteers (like you) to help us and uphold this particular guideline.

When you help users here and in public, you also help the next person with the same problem. They’ll be able to read the debugging and solution and educate themselves. That’s how we get the next generation of developers.