recommended security headers missing?
-
Since about a week I get this message:
Uw site verstuurt niet alle aanbevolen beveiliging headers.
Upgrade Insecure Requests
X-XSS protection
X-Content Type Options
Referrer-Policy
Expect-CT
X-Frame-Options
Permissions-Policy
HTTP Strict Transport SecurityWhen I open .htaccess, all heders are there:
# Really Simple SSL Header always set Strict-Transport-Security: "max-age=31536000" env=HTTPS Header always set Content-Security-Policy "upgrade-insecure-requests" Header always set X-Content-Type-Options "nosniff" Header always set X-XSS-Protection "1; mode=block" Header always set Expect-CT "max-age=7776000, enforce" Header always set Referrer-Policy: "no-referrer-when-downgrade" # End Really Simple SSL And Redirect checker returns: >>> https://www.kunstlokaalno8.nl > -------------------------------------------- > 200 OK > -------------------------------------------- Status: 200 OK Code: 200 Date: Mon, 27 Dec 2021 11:05:25 GMT Content-Type: text/html; charset=UTF-8 Connection: close Server: Apache Strict-Transport-Security: max-age=31536000 Content-Security-Policy: upgrade-insecure-requests X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Expect-CT: max-age=7776000, enforce Referrer-Policy: no-referrer-when-downgrade X-Pingback: https://www.kunstlokaalno8.nl/xmlrpc.php Link: <https://www.kunstlokaalno8.nl/>; rel=shortlink X-Dynamic-Cache: 1 Cache-Control: max-age=600 X-Varnish-Host: ip-172-16-1-103 X-Varnish: 6932960 Age: 0 Via: 1.1 varnish (Varnish/5.0) Accept-Ranges: bytesSo, all seems OK.
I refreshed the settings in Really Simple SSL, but nothing changed and the warning is still there.
What can I do?
The page I need help with: [log in to see the link]
Viewing 3 replies - 1 through 3 (of 3 total)
Viewing 3 replies - 1 through 3 (of 3 total)
- The topic ‘recommended security headers missing?’ is closed to new replies.
