Support » Plugin: HTTP Headers » Headers not sent to the client

  • Resolved eitanc



    The headers are not sent to the client.
    I followed what you wrote at and:

    1. Running “apachectl -M” listed “headers_module (shared)”
    2. Commenting the lines of

    # <IfModule>

    # </IfModule>

    Didn’t produce an error when loading the site’s base page again (after cleaning cache, cookies and so)
    3. I know that generally my .htaccess file works since it is a wordpress site and other plugins change and use it OK

    It is Apache 2.4 and PHP 4.7 on the latest cPanel and WHM.

    In most of the time the file has permissions of only “Read” to all – owner, group and all (after, of course, setting the plugin)

    The section is:

    # BEGIN HttpHeaders
    # The directives (lines) between BEGIN HttpHeaders and END HttpHeaders are
    # dynamically generated, and should only be modified via WordPress filters.
    # Any changes to the directives between these markers will be overwritten.
    <IfModule mod_headers.c>
    Header always set X-Content-Type-Options “nosniff”
    Header set Access-Control-Allow-Methods “GET, POST, HEAD” env=CORS
    <FilesMatch “\.(php|html)$”>
    Header always unset X-Powered-By
    Header unset X-Powered-By
    Header set X-Frame-Options “SAMEORIGIN”
    Header set X-XSS-Protection “1; mode=block”
    Header set X-Download-Options “noopen”
    Header set X-DNS-Prefetch-Control “on”
    Header set Strict-Transport-Security “max-age=31536000; includeSubDomains; preload” env=HTTPS
    Header set Feature-Policy “accelerometer ‘none’; ambient-light-sensor ‘none’; autoplay ‘none’; camera ‘none’; geolocation ‘none’; gyroscope ‘none’; magnetometer ‘none’; microphone ‘none’; midi ‘none’; payment ‘none’; usb ‘none’; vibrate ‘none’; vr ‘none'”
    # END HttpHeaders

    Any ideas?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter eitanc


    As an attempt to solved it I changed the working mode to be “Use PHP to send headers (deprecated)” and now the client get the headers.

    I think you should change the text here – on the description you encourage users to use the PHP option with a text of “the PHP method works perfectly” but this option’s name text include “(deprecated)” – hinting users to avoid it as it is old, soon-be-gone, hence not recommended.

    The overall text should be clear what is the recommended, what is the default mode (PHP I guess) and when it is advised to change it to .htaccess (e.g. cache issues).


    Plugin Author Dimitar Ivanov


    I will consider to rewrite the texts, thanks for suggestion.

    Sorry.Replied the wrong thread.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Headers not sent to the client’ is closed to new replies.