Support » Theme: GeneratePress » Security header doesn’t work

  • Resolved Chigolo

    (@fitnsexy)


    Hello,

    I have several WordPress sites and run them with different themes. Unfortunately I have the problem that I don’t get the security header integrated on my 3 pages with Generate Press.

    When checking on https://securityheaders.com I only get a “D”, because supposedly only STP is active, but the code works on my other sites and I get a “A”-Rating.

    I have included the following code in the respective htaccess file at the beginning (of course changed the domain “xxx-Domain”!):

    # BEGIN Security Header
    <IfModule mod_headers.c>
    Header set Strict-Transport-Security "max-age=15768000; preload"
    Header set X-Frame-Options "SAMEORIGIN"
    Header set X-Content-Type-Options "nosniff"
    Header set X-XSS-Protection "1; mode=block"
    Header set Referrer-Policy "no-referrer"
    Header set Permissions-Policy "accelerometer=(), autoplay=(self), camera=(), encrypted-media=(), fullscreen, geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), midi=(); payment=(), picture-in-picture=('self'), usb=()"
    Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: *.xxx-Domain.de;”
    </IfModule>
    # END Security Header

    Would be grateful for help.

    The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)
Viewing 5 replies - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.