• Resolved misselenat

    (@misselenat)


    Hello,
    I am writing to ask about a few problems I’m experiencing regarding 3 recommendations.
    First of all, I’m sorry I haven’t linked the website, the reason is that it’s still under construction, so there is only a splash page at the moment. Of course I have the latest version of both WordPress and your plugin installed.
    The plugin says everything is okay, but it has 3 recommendations for me. Kindly note I am using shared Linux hosting, so the only way for me to implement the changes is updating the .htaccess file (I don’t have access to the Apache settings).
    These are the 3 recommendations I have:
    1) Security Header: X-XSS-Protection Missing
    We did not find the recommended security header for XSS Protection on your site.
    2) Security Header: X-Content-Type-Options nosniff
    We did not find the recommended security header to prevent Content Type sniffing on your site.
    3) Security Header: Strict-Transport-Security
    We did not find the recommended security header Strict-Transport-Security on your site.

    I have read the instructions and updated the .htaccess file as per what it says in your pages. Unfortunately, speaking about recommendations 1 and 2, even though the changes are applied (I can see them in the Settings – Website Info tab, in the .htaccess file content), the recommendations are still there, as if no results were achieved with those lines of code.
    With recommendation #3 it gets even worse, because if I add the suggested line of code, the site becomes no longer available and I get a white page that suggests I contact the site admin.
    I have currently undone these changes, anyway I would like to know why these lines of code don’t work, as I have put them at the bottom of my .htaccess file, as suggested by the plugin.

    The lines of code I’m referring to are, of course:
    Header set X-XSS-Protection "1; mode=block" with reference to recommendation #1,
    X-Content-Type-Options: nosniff with reference to recommendation #2 (these two lines of code don’t have any effect) and
    Strict-Transport-Security: max-age=31536000; includeSubDomains with reference to recommendation #3 (this line of code breaks the whole site and gives me a white page as a result, the one that says to contact the site admin).

    Is it anything I’m doing wrong? Why don’t lines 1 and 2 have any effect?

    Please let me know your thoughts, thank you so much.
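
An added example, not part of the original thread or of the plugin's code: a small check that separates .htaccess lines written as mod_headers `Header` directives from lines written in raw response-header form (`Name: value`), which Apache does not recognise as a directive. The function name and the sample file content are assumptions; the sample is constructed from the three lines quoted in the post.

```python
import re

# Headers named in the plugin's three recommendations (from the post above).
RECOMMENDED = ("X-XSS-Protection", "X-Content-Type-Options",
               "Strict-Transport-Security")
CANON = {h.lower(): h for h in RECOMMENDED}

# mod_headers form: Header [always|onsuccess] set|append|add|merge|setifempty <name> <value>
DIRECTIVE_RE = re.compile(
    r'^Header\s+(?:(?:always|onsuccess)\s+)?(?:set|append|add|merge|setifempty)\s+'
    r'"?([A-Za-z0-9-]+)"?\s+\S', re.IGNORECASE)
# Raw HTTP response-header form, e.g. "X-Content-Type-Options: nosniff"
RAW_RE = re.compile(r'^([A-Za-z0-9-]+):\s*\S')


def lint_htaccess(text):
    """Return (set_headers, raw_lines): recommended headers set by a Header
    directive, and (line_number, name) pairs for raw header-form lines."""
    set_headers, raw_lines = set(), []
    for number, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        m = DIRECTIVE_RE.match(line)
        if m:
            name = CANON.get(m.group(1).lower())
            if name:
                set_headers.add(name)
            continue
        m = RAW_RE.match(line)
        if m and m.group(1).lower() in CANON:
            raw_lines.append((number, CANON[m.group(1).lower()]))
    return set_headers, raw_lines


# Constructed sample: the three lines as quoted in the post.
SAMPLE = '''# END WordPress
Header set X-XSS-Protection "1; mode=block"
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
'''

if __name__ == "__main__":
    ok, raw = lint_htaccess(SAMPLE)
    print("set by Header directive:", sorted(ok))
    for number, name in raw:
        print(f'line {number}: "{name}:" is header syntax; use: Header set {name} "<value>"')
```

After editing the file, `curl -sI https://your-site.example/` (placeholder URL) shows whether the headers actually reach the browser.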

Viewing 2 replies - 16 through 17 (of 17 total)
  • Thread Starter misselenat

    (@misselenat)

    Oh my! Windows 98? My first computer had Windows 98SE, but it’s been 19 years since then! I wouldn’t have imagined anyone was still using it. Not to mention IE!!

    I personally use the latest versions of Firefox and Chrome (which are also very useful when it comes to debugging a site or identifying the proper CSS to edit to modify its appearance), but I honestly don’t know about my visitors (I stopped using Google Analytics a few years ago). Anyway, let’s hope no one is still living in the early 2000s and people have decent browsers and o.s.

    I’m okay with the orange bar if it doesn’t mean I will get a B in about a week, although I understand your point that GoDaddy should be a little less lazy. I know there are better hosting providers out there, I chose the cheapest one (I had discount codes) as I’m not making any money through my website, so it’s just there to showcase my work. When my current plan expires (which should be in 2023) I will certainly look for other alternatives and keep in mind the information you have so kindly provided me with.

    You have been incredibly helpful and I’m happy to tell you that all 3 Recommendations have disappeared from my Sucuri dashboard!!!
    If it weren’t for you, I wouldn’t have known how to fix this security issue: now it’s not only fixed, but I also understand much more about its meaning and importance.

    Thank you once again so very much for your time, kindness & help: you’ve been a true angel!


    You’re welcome.
    …and “angel”
    well…

  • The topic ‘Problem with recommendations (X-XSS Protection & more)’ is closed to new replies.