Security headers not working with WP Super Cache

  • Hi,

    I am using the HTTP security headers plugin to add the following to my sites:
    X-Frame-Options
    X-XSS-Protection
    X-Content-Type-Options
    Feature-Policy
    Referrer-Policy

    However, as soon as WP Super Cache is caching webpages, it strips the security headers entirely.

    I tried

    // Fix security headers
add_filter( 'wpsc_known_headers', 'my_wpsc_custom_headers' );

function my_wpsc_custom_headers( $headers ) {
        $headers[] = 'Feature-Policy';

        return $headers;
}

    But it hasn’t worked for me.

    Does someone know how to fix this issue?

Viewing 3 replies - 1 through 3 (of 3 total)

  • I would suggest adding those at the web server level, if you have access that is.

    Thread Starter msstm

    (@msstm)

    Hi,

    I do have access, but it would be a lot more convenient if WP Super Cache would not strip these headers.

    Is there another way to filter out what WP Super Cache does to these headers by any chance?

    Plugin Author Donncha O Caoimh (a11n)

    (@donncha)

    Have you tried enabling “cache http headers with cache content” on the advanced settings page?

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Security headers not working with WP Super Cache’ is closed to new replies.