Security Header Recomendations

  • Resolved neotechnomad

    (@neotechnomad)


    8 years, 9 months ago

    On the Sucuri dashboard:

    Recomendations

    Security Header: X-XSS-Protection Missing
    We did not find the recommended security header for XSS Protection on your site.
    Security Header: X-Frame-Options
    We did not find the recommended security header for ClickJacking Protection on your site.
    Security Header: X-Content-Type nosniff
    We did not find the recommended security header to prevent Content Type sniffing on your site.

    On all the sites I admin, I have these headers in the respective .htaccess files yet, Sucuri is not recognizing they exist.

Viewing 1 replies (of 1 total)
  • yorman

    (@yorman)

    8 years, 9 months ago

    The plugin caches this information for a couple of minutes (20 minutes in the latest version) and SiteCheck for 48 hours. Assuming that you are seeing these recommendations even after the cache has been flushed, I would say the headers were either implemented incorrectly or your hosting provider has disabled the mod_headers module, at least outside the virtual host.

    However, if you are completely sure that the headers are being applied correctly, just send me an email to [removed] (email removed to avoid spam) with the URL to the websites that you are having problems with and I will check them manually to see what is the problem.

    Marking as resolved, as this is an edge case that is only affecting one user. I will continue handling this ticket in private with the original poster via emails. If anyone else is having the same problems feel free to jump into the conversation and I will help.

Viewing 1 replies (of 1 total)

The topic ‘Security Header Recomendations’ is closed to new replies.