Security headers notification

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Mark

    (@markwolters)

    1 year, 3 months ago

    Hi @giorgos93,

    the site health notice should correctly detect the X-XSS-Protection header with value 0 and thus not show the notice if it has been set. Could you check if the site health notice still appears? If so, you could try if clearing all caches the website uses resolves the issue.

    Thread Starter George

    (@giorgos93)

    1 year, 3 months ago

    Hi, @markwolters

    I did try to clear cache several times, but it didn’t help – the notification still appears.

    Just in case: I use this code in my .htaccess file (I use Apache):

    Header always set X-XSS-Protection “0”

    Plugin Author Mark

    (@markwolters)

    1 year, 3 months ago

    Hi @giorgos93,

    We can try to manually clear the header detection cache. Can you add the below lines to the functions.php file of your currently active theme? Add the code, save the file, and reload the back-end (wp-admin) of your WordPress website once, so that the header cache is cleared. After reloading the back-end once, remove the lines from the file. Then the header detection should be reset.

    add_action(‘admin_init’, ‘rsssl_delete_cached_headers’);

    function rsssl_delete_cached_headers() {

      RSSSL_PRO()->headers->delete_admin_transient(‘detected_headers’);

    }

    Thread Starter George

    (@giorgos93)

    1 year, 3 months ago

    It did help, thanks!

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Security headers notification’ is closed to new replies.