HTTP Headers

SDGSUser · April 22, 2022, 9:34am

[### Username (e.g. epiz_XXX) or Website URL]

https://sedlescombegardensociety.org.uk

Error Message

Security headers scan shows the following headers missing:

Strict-Transport-Security
Content-Security-Policy
X-Frame-Options
X-Content-Type-Options
Referrer-Policy
Permissions-Policy

Other Information

All but one of these should be set by my Joomla System Plugin. Is the Server overriding or stripping them???

Oxy · April 22, 2022, 9:48am

Hi and welcome to the forum

online tools are blocked to protect users and servers
that’s why these tools throw out the wrong results

but you can always use your browser (dev tools = F12) and see the results

reda2022 · April 22, 2022, 12:26pm

I think unfortrunetely we can’t set HTTP Headers on subdomain, even for a test purpose. I tried for two days to set the headers but the scan keeps on showing that the headers are missing!
Finally i came to the conclusion, that it can’t work on a subdomain.

Admin · April 22, 2022, 4:25pm

Please see @Oxy’s reply.

The headers are working fine, but the scanner is unable to read them correctly.

system · April 29, 2022, 4:25pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.