• Resolved avabusiness

    (@avabusiness)


    Hello.

    I am receiving this message in the site health section of my client’s site:

    Not all recommended security headers are installed

    I followed the instructions in this link and have double checked that the information saved properly in the new .htaccess file:

    https://really-simple-ssl.com/site-health-recommended-security-headers/

    I logged out, waited a while, and logged back in to see the same message in site health.

    Here is the exact text I put in the .htaccess file, right above # BEGIN WordPress:

    # Really Simple SSL

    Header always set Strict-Transport-Security: "max-age=31536000" env=HTTPS
    Header always set X-XSS-Protection "0"
    Header always set X-Content-Type-Options "nosniff"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    Header always set X-Frame-Options: "SAMEORIGIN"
    Header always set Permissions-Policy: ""

    # End Really Simple SSL

    Is there something I am missing?

    Thanks.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support jarnovos

    (@jarnovos)

    Hi @avabusiness,

    You can test whether your website is already setting these headers with a tool such as https://securityheaders.com/.

    If it does, the Site Health notice about the headers is probably still ‘cached’, and should indeed disappear after some time passes.

    Kind regards, Jarno

    Thread Starter avabusiness

    (@avabusiness)

    Thank you! I ran the tool and found all are indeed set. The only one missing is content-security-policy which I will look into through the link provided with the assessment.
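The check discussed in this thread can also be run locally. The following is an added example, not part of the original posts or of the plugin: it audits a set of response headers against the values from the .htaccess block above plus Content-Security-Policy. The names `audit`, `fetch_headers`, `SAMPLE` and the sample values are assumptions made for illustration.

```python
import re
import urllib.request

def hsts_max_age(value):
    """Extract max-age (seconds) from a Strict-Transport-Security value, -1 if absent."""
    m = re.search(r"max-age\s*=\s*\"?(\d+)", value, re.I)
    return int(m.group(1)) if m else -1

# Header names and expected values come from the .htaccess block in this thread;
# Content-Security-Policy is the header the scan reported as missing.
EXPECTED = {
    "strict-transport-security": lambda v: hsts_max_age(v) >= 31536000,
    "x-xss-protection": lambda v: v.strip() == "0",
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "referrer-policy": lambda v: v.strip().lower() == "strict-origin-when-cross-origin",
    "x-frame-options": lambda v: v.strip().upper() == "SAMEORIGIN",
    "permissions-policy": lambda v: True,  # the thread sets an empty policy
    "content-security-policy": lambda v: bool(v.strip()),
}

def audit(headers):
    """Map each expected header to 'ok', 'missing' or 'unexpected value'."""
    seen = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    report = {}
    for name, check in EXPECTED.items():
        if name not in seen:
            report[name] = "missing"
        else:
            report[name] = "ok" if check(seen[name]) else "unexpected value"
    return report

def fetch_headers(url):
    """Fetch live response headers with a HEAD request (needs network access)."""
    req = urllib.request.Request(url, method="HEAD")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return dict(resp.headers.items())

# Constructed sample: what a site configured as in this thread would return.
SAMPLE = {
    "Strict-Transport-Security": "max-age=31536000",
    "X-XSS-Protection": "0",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "X-Frame-Options": "SAMEORIGIN",
    "Permissions-Policy": "",
}

if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        print(f"{name:28} {status}")
```

Passing the result of `fetch_headers("https://your-site.example/")` to `audit` runs the same check against a live site; a value that arrives wrapped in typographic quotes is reported as "unexpected value".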

  • The topic ‘Not all recommended security headers are installed’ is closed to new replies.