security headers

  • Resolved Evan

    (@honkyli)


    4 years, 11 months ago

    Hi,

    I noticed after enabling the HTTP headers in the plugins settings that they aren’t being noticed when I perform a scan on securityheaders.com

    I don’t have much details as there’s nothing in the log being displayed, and I’ve contacted my host directly to see if it was a caching issue but they’ve stated there’s no issue on their end.

    Would appreciate your input on this ??

    Thank you!

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Blobfolio

    (@blobfolio)

    Hi @honkyli,

    Apocalypse Meow sends its headers directly to PHP via the header() method.

    That should work provided:

    • A misconfigured plugin/theme isn’t sending output to the browser prematurely (headers have to precede content);
    • PHP is actually handling the request (i.e. no proxies or cache exist anywhere in the middle).

    I’d be happy to take a look at the headers coming from your site if you share a link. (You can email it to me at [email protected] if you’d rather not post it publicly.)

    Also, which settings did you go with?

    • This reply was modified 4 years, 11 months ago by Blobfolio. Reason: Typo
    Thread Starter Evan

    (@honkyli)

    Thanks for the reply,

    I’ll definitely take you up on the offer and send you the link to your email (currently down for unscheduled maintenance.)

    I checked both the HTTP Headers for Referrer policy and I believe X-Frames, and set the X-Content to “none”. I’ll reach out to through your email though once it’s back up and running ??

    Thanks again!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘security headers’ is closed to new replies.