Play Zone slot,nice88 jili casino.Recharge Every day and Get Bonus up-to 50%!

Resolved tanckom
(@tanckom)

6 years ago

I’ve enabled all security headers and none are enabled on the page using this tool:
https://securityheaders.com/
to check.

The page I need help with: [log in to see the link]

Viewing 10 replies - 1 through 10 (of 10 total)

Plugin Author nintechnet
(@nintechnet)

6 years ago
You have an issue with your site or webserver configuration. No headers is returned.
Also it seems you have another security application running, so make sure it does not remove the headers but forward them as expected:
```
$ curl  https://advena.me/
<h1>Security incident detected</h1><p>Your request was blocked. Please try again later (or don't).</p>
```
Thread Starter tanckom
(@tanckom)

6 years ago

I’ve removed the security plugin and made sure NinjaFirewall is running.
But I’m only not seeing the headers using this tool:
https://securityheaders.com/?q=https%3A%2F%2Fadvena.me&followRedirects=on
Plugin Author nintechnet
(@nintechnet)

6 years ago
Can you try the following code:
```
<?php
header('Content-Type: text/plain');
header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: SAMEORIGIN');
header('X-XSS-Protection: 1; mode=block');
header('Referrer-Policy: strict-origin' );
```
1. Save it to a file named ‘header.php’.
2. Over FTP, upload the file into your document root folder.
3. Go to securityheaders.com, and enter https://advena.me/header.php as the URL, so that it will test that script only.

Does it work?
Thread Starter tanckom
(@tanckom)

6 years ago

Done and that one works. But what about the rest of the website?
Plugin Author nintechnet
(@nintechnet)

6 years ago
That’s odd, there must be a configuration issue somewhere.
- Do you see any error in the NinjaFirewall “Overview” page?
- Do you see any error in the “Firewall Policies > Advanced Policies” section?
- Are you running the firewall in “Full WAF” or “WordPress WAF” mode ? (You can see which mode you are using in the “Overview” page.)
Thread Starter tanckom
(@tanckom)

6 years ago

1. Overview page are no errors: https://imgur.com/Jms1gLP
2. No errors on Firewall Policies https://imgur.com/wDJRhCf
3. And I’m running “Full WAF”

Plugin Author nintechnet
(@nintechnet)

6 years ago

Do you have a caching plugin installed? It would serve the cached index page, but without the security headers.
Thread Starter tanckom
(@tanckom)

6 years ago
I have and disabled it. The results are still the same. :/
- This reply was modified 6 years ago by tanckom.
Plugin Author nintechnet
(@nintechnet)

6 years ago

I think it has to come from the caching plugin: check your .htaccess. Even if you disabled it, it may have left some rules inside your .htaccess.

Thread Starter tanckom
(@tanckom)

5 years, 12 months ago

Well thanks for the hint, it looked like NinjaFirewall didn’t have access to my .htaccess file and I manually injected the
# BEGIN NinjaFirewall
php_value auto_prepend_file …/wp-content/nfwlog/ninjafirewall.php
# END NinjaFirewall

Script. You sir are a treat, keep going the good work!

Viewing 10 replies - 1 through 10 (of 10 total)

The topic ‘Security headers not working’ is closed to new replies.