Not compatible with HTTP Headers

  • Resolved p15h

    (@prestonwordsworth)


    2 years, 4 months ago

    Dear Salvatore & Saumya

    Thank you for making this great plugin available to us!

    The current version doesn’t seem to work with the WP plugin HTTP Headers. Security headers such as Permissions-Policy set using HTTP Headers are found missing by securityheaders.com when Super Page Cache is enabled, but can be found when Super Page Cache is disabled.

    Could you let us know if this is a bug that can be fixed or if there is some other way to set security headers so they’re compatible with Super Page Cache?

    Preston

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Contributor iSaumya

    (@isaumya)

    Hi,
    when using this plugin, you cannot use any other plugin to set the response header as this plugin sets different values to the response header to work properly and talk to Cloudflare.

    So, if you add any other plugin that is also trying to modify the response header there will be a tug of war between who gets to have access to the header as once the header is sent it cannot be modified. So, only one of them can do it.

    If you would like to add an additional response header I would suggest you to do it via the server rule section, either in your .htaccess file or in your nginx.conf file instead of trying to add them via a plugin.

    Thread Starter p15h

    (@prestonwordsworth)

    Dear Saumya

    Many thanks for your prompt reply. We did indeed observe the tug of war and tried editing .htaccess manually, to no avail. Fortunately, the two plugins appear to have figured out a way to coexist after a while, and our security headers finally get validated.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Not compatible with HTTP Headers’ is closed to new replies.