• Hello!

    We installed the plugin and set it up, but testing via the above URL shows these are missing. Any idea why?

    Referrer-Policy (We have this set, yet the test shows it’s not showing)
    Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites.

    Content-Security-Policy (We had to manually add this to .htaccess because it’s not in the plugin)
    Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets.

    Permissions-Policy (Features Policy has been renamed to Permissions-Policy, so it’s not working via your plugin)
    Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser.


Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author Rik Lewis

    (@riklewis)

    Referrer-Policy – I don’t know why this isn’t coming through, perhaps something else on your server that is stripping it off? Cloudflare passes it through, so it’s not them. You can see by checking my site, which uses this plugin, that it is working on my site… https://securityheaders.com/?q=riklewis.com&followRedirects=on

    Content-Security-Policy – this is a rather complicated header to set, as it is very specific to your website configuration. I do plan to add this header in a future version of this plugin though.

    Permissions-Policy – this plugin still uses the old Feature-Policy, which has recently been replaced by Permissions-Policy. I plan to change this in the next version of this plugin.

    Thread Starter joyryde

    (@joyryde)

    Thanks Rik!

    I’ve tried everything I can think of to fix the Referrer-Policy issue, not sure what to do! I’ve changed it to every setting it offers and none of them make it appear in the scan.

    Plugin Author Rik Lewis

    (@riklewis)

    Which hosting provider is the site running on?

    Thread Starter joyryde

    (@joyryde)

    Hostgator

    Plugin Author Rik Lewis

    (@riklewis)

    I can’t see anyone else saying anything about Hostgator modifying their headers, but they’re not a host that I’ve used myself.

    I think the most likely explanation is that another plugin is modifying the headers, perhaps whichever one is adding the “x-wp-cf-super-cache” headers.

    Thread Starter joyryde

    (@joyryde)

    Aah, OK! That’s this plugin:

    https://www.ads-software.com/plugins/wp-cloudflare-page-cache/

    I’ll ask them about this, thank you!

    Thread Starter joyryde

    (@joyryde)

    Problem solved!

    While caching pages, WordPress removes all extra response headers by default. Our Cloudflare plugin (above) has an option to save the response headers so that the fallback cache stores those headers and makes sure they are added to the response when the page is provided.
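
An added example, not part of the thread and not code from either plugin: a small check that compares the response headers of an uncached page with those of the cached copy and reports which security headers the cache dropped, plus the Feature-Policy rename mentioned above. Both raw responses and the `x-wp-cf-super-cache` value are constructed for illustration.

```python
# Added example; both raw responses are constructed, not captured from the thread's site.
WATCHED = ("referrer-policy", "content-security-policy", "permissions-policy")

# Constructed: page generated by WordPress (cache miss), headers set by a plugin.
UNCACHED = """HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Referrer-Policy: strict-origin-when-cross-origin
Feature-Policy: geolocation 'none'
"""

# Constructed: same page served from a page cache that did not save response headers.
CACHED = """HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
x-wp-cf-super-cache: constructed-value
"""

def parse_headers(raw):
    """Return {lowercased name: value} from a raw response head, skipping the status line."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:
        if not line.strip():
            break  # a blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def audit(raw):
    """Findings for one response: missing headers and the renamed Feature-Policy."""
    h = parse_headers(raw)
    findings = [f"missing {name}" for name in WATCHED if name not in h]
    if "feature-policy" in h and "permissions-policy" not in h:
        findings.append("feature-policy sent without permissions-policy")
    return findings

def lost_in_cache(uncached_raw, cached_raw):
    """Watched headers present on the uncached response but absent from the cached one."""
    fresh, cached = parse_headers(uncached_raw), parse_headers(cached_raw)
    names = WATCHED + ("feature-policy",)
    return sorted(n for n in names if n in fresh and n not in cached)

if __name__ == "__main__":
    print("uncached:", audit(UNCACHED))
    print("cached:  ", audit(CACHED))
    print("dropped by cache:", lost_in_cache(UNCACHED, CACHED))
```

To use it on a live site, paste in the header blocks from two requests to the same URL, one made before the page is cached and one after.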

  • The topic ‘Some Headers Missing?’ is closed to new replies.