• Resolved George

    (@giorgos93)


    Hi, I’ve recently put security headers from your article: https://really-simple-ssl.com/instructions/about-recommended-security-headers/ .

    You recommended to put X-XSS-Protection: 0 value. However, after I did it, in my WP Health section appeared a notification: Your website does not send all essential security headers: X-XSS protection.

    If I understand correctly, this notification comes from your plugin. Maybe you should remove it for X-XSS-Protection: 0 value?


Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Mark

    (@markwolters)

    Hi @giorgos93,

    The site health notice should correctly detect the X-XSS-Protection header with value 0 and thus not show the notice if it has been set. Could you check if the site health notice still appears? If so, you could check whether clearing all caches the website uses resolves the issue.

    Thread Starter George

    (@giorgos93)

    Hi, @markwolters

    I did try to clear cache several times, but it didn’t help – the notification still appears.

    Just in case: I use this code in my .htaccess file (I use Apache):

    Header always set X-XSS-Protection "0"

    Plugin Author Mark

    (@markwolters)

    Hi @giorgos93,

    We can try to manually clear the header detection cache. Can you add the below lines to the functions.php file of your currently active theme? Add the code, save the file, and reload the back-end (wp-admin) of your WordPress website once, so that the header cache is cleared. After reloading the back-end once, remove the lines from the file. Then the header detection should be reset.

    // Temporary: clears the plugin's cached header detection on the next wp-admin load.
    add_action('admin_init', 'rsssl_delete_cached_headers');

    function rsssl_delete_cached_headers() {
      RSSSL_PRO()->headers->delete_admin_transient('detected_headers');
    }

    Thread Starter George

    (@giorgos93)

    It did help, thanks!


The topic ‘Security headers notification’ is closed to new replies.
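
To confirm what the server actually sends, independent of the plugin's cached header detection discussed in the thread, the response headers can be checked directly. The following is an added example, not code from the thread or from the plugin; the function names `check_xxp` and `sample_headers`, the return codes and the sample headers are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the X-XSS-Protection header in raw HTTP response
# headers read from stdin.
# Return codes (chosen for this example, not plugin behaviour):
#   0 = header sent with value 0
#   1 = header not sent
#   2 = header sent with another value, or repeated with conflicting values
check_xxp() {
    # Strip CRs from CRLF line endings; header names are case-insensitive.
    tr -d '\r' | awk -F':' '
        tolower($1) == "x-xss-protection" {
            v = $0
            sub(/^[^:]*:[ \t]*/, "", v)   # drop the header name
            sub(/[ \t]+$/, "", v)         # drop trailing whitespace
            if (!(v in seen)) { seen[v] = 1; distinct++ }
            last = v
            count++
        }
        END {
            if (count == 0) {
                print "X-XSS-Protection: not sent"; exit 1
            }
            if (distinct > 1) {
                print "X-XSS-Protection: sent " count " times with conflicting values"; exit 2
            }
            if (last == "0") {
                print "X-XSS-Protection: 0 (browser XSS filter disabled)"; exit 0
            }
            print "X-XSS-Protection: unexpected value: " last; exit 2
        }'
}

# Constructed sample response headers (not captured from a real site).
sample_headers() {
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nx-xss-protection: 0\r\n\r\n'
}

sample_headers | check_xxp

# Against a live site (placeholder URL):
#   curl -sI https://example.com/ | check_xxp
```

If this reports value 0 while the site health notice still appears, the notice reflects cached detection rather than the live response.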