HTTP Security Headers

  • Resolved aidba55

    (@aidba55)


    2 years, 4 months ago

    Hi there,

    I have a query regarding HTTP security headers and the WooCommerce PayPal Paymentsd plugin. Will any of the below HTTP security headers cause any issues:

    X-XSS-Protection “1; mode=block”
    Header set X-Frame-Options “SAMEORIGIN”
    Header set X-Content-Type-Options “nosniff”
    Header always set Strict-Transport-Security “max-age=63072000;

    Most notably the X-Frame-Options header and the fact that the PayPal plugin is embedded on checkout.

    Thanks

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support Syde Niklas

    (@niklasinpsyde)

    Hi @aidba55,

    Have you given it a try?
    PayPal Payments loads the PayPal scripts to display the PayPal content like the smart buttons or Pay Later messaging.
    There are ways to unintentionally block the communication with PayPal, but you should notice quickly that, for example, the buttons are not loading.
    If the payment process completes fine and the webhooks are received, then I’m not seeing a problem with it.
    But if this is causing any issues for you, we can surely dig a bit deeper and request some testing to investigate further.

    Kind regards,
    Niklas

    Plugin Support Syde Joost

    (@joostvandevijver)

    Since we haven’t heard back from you, I’m going to mark it as resolved.
    In case you’re still having problems, feel free to let us know!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘HTTP Security Headers’ is closed to new replies.