Hi @margomm
The headers are related to security headers for example,
In case you use a protection plugin like our Defender plugin https://wordpress.org/plugins/defender-security/ it will apply the security headers for your website, some plugins cache doesn’t include those headers on the caching making the protection useless when the browser renders the cached version, however, on the new Hummingbird plugin we allow users to enable this.
In case you are using this protection tool, it is a nice idea to enable the feature too.
Let us know if you have any additional question on this.
Best Regards
Patrick Freitas
1. If I install your Defender plugin, do I need to enable Cache headers?
2. I have specified security headers in .htaccess without additional plugin.
Do I need to enable Cache headers in Hummingbird?
This is what I pointed out in .htaccess:
#
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml text/javascript text/css application/x-javascript
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4.0[678] no-gzip
BrowserMatch bMSIE !no-gzip !gzip-only-text/html
<ifmodule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_item_include file \.js$
mod_gzip_item_include file \.css$ </ifmodule>
</IfModule>
# img,js, css
FileETag MTime Size
<ifmodule mod_expires.c>
<filesmatch “.(jpg|gif|png|css|js)$”>
ExpiresActive on
ExpiresDefault “access plus 1 month”
</filesmatch>
</ifmodule>
# Extra Security Headers
<IfModule mod_headers.c>
Header set X-XSS-Protection “1; mode=block”
Header always append X-Frame-Options SAMEORIGIN
Header set X-Content-Type-Options nosniff
Header set Strict-Transport-Security “max-age=31536000” env=HTTPS
</IfModule>
#
<FilesMatch “^.*(error_log|wp-config\.php|php.ini|\.[hH][tT][aApP].*)$”>
Order deny,allow
Deny from all
</FilesMatch>
#
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ – [F,L]
RewriteRule !^wp-includes/ – [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ – [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php – [F,L]
RewriteRule ^wp-includes/theme-compat/ – [F,L]
</IfModule>
#
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]
# PHP
<IfModule mod_headers.c>
Header unset X-Powered-By
Header unset Server
</IfModule>
# xmlrpc
<Files xmlrpc.php>
Order Allow,Deny
Deny from all
</Files>
# htaccess
<Files .htaccess>
order allow,deny
deny from all
</Files>
#
RewriteCond %{QUERY_STRING} author=d
RewriteRule ^ /? [L,R=301]
Hello @margomm
Caching security headers has nothing to do with the origin of them (plugin or manual method), but it has to do with the fact that the caching module is able to include these in the cached copies of pages. So if you want these security headers in the cached pages, you enable that option.
Thank you,
Dimitris
Thanks! I realized.
I love Hummingbird!
Hi @margomm
We are happy to hear you like the plugin.
Feel free to let us know if you have any additional question.
Best Regards
Patrick Freitas
