Phwin com how to withdraw bonus.REGISTER NOW GET FREE 888 PESOS REWARDS!

Resolved danstrongin
(@danstrongin)

1 year, 8 months ago

I have set the headers according to your documentation 3 times now. I keep getting told the headers are not set. Other than adding to the Preload list, everything is set to on, but when I go to SecurityHeaders.com I am told it is not, and the wordpress dashboard says I am missing Upgrade Insecure Requests, Frame Ancestors, X-XSS protection. but they are set to on on my screen.

SecurityHeaders.com has this:

Security Report Summary

F

Site:https://www.mastermanaging.com/IP Address:194.1.147.15Report Time:24 Jun 2023 13:54:35 UTCHeaders:Strict-Transport-Security Content-Security-Policy X-Frame-Options X-Content-Type-Options Referrer-Policy Permissions-PolicyAdvanced:Ouch, you should work on your security posture immediately:

Missing Headers

Strict-Transport-SecurityHTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS. Recommended value “Strict-Transport-Security: max-age=31536000; includeSubDomains”.Content-Security-PolicyContent Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets.X-Frame-OptionsX-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking. Recommended value “X-Frame-Options: SAMEORIGIN”.X-Content-Type-OptionsX-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is “X-Content-Type-Options: nosniff”.Referrer-PolicyReferrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites.Permissions-PolicyPermissions Policy is a new header that allows a site to control which features and APIs can be used in the browser.

The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)

phonyroyal
(@phonyroyal)

1 year, 8 months ago
@danstrongin a reply to your message yesterday at The site health tab says some things are not being sent. | www.ads-software.com was deleted overnight and the thread closed.

Almost the opposite of what you report:

A security scan of a site at https://scan.really-simple-ssl.com does not detect many headers, despite them being set in the .htaccess file.

Similarly, the WordPress Tools -> Site Health page reports:

Your website does not send all recommended security headers.
- Upgrade Insecure Requests
- X-XSS protection
- X-Content Type Options
- Referrer-Policy
- X-Frame-Options
- Permissions-Policy
- HTTP Strict Transport Security
However, a scan using securityheaders.com shows the headers do exist.
Kim van Dijk
(@kimvdijk)

1 year, 8 months ago

Hi @danstrongin,

The security headers not being recognised can have several causes, we are happy to look into this with you. Please email us at support @ really-simple-ssl.com as these are Premium features and wee are not allowed to follow up on this at the forum.

Kind regards, Kim

phonyroyal
(@phonyroyal)

1 year, 7 months ago

Thanks Kim – I have resent the email to the address above.

Thanks

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Really Simple says it is set, but wordpress and https://securityheaders.com/ no’ is closed to new replies.