Security Headers Directive

  • Resolved bobsled

    (@bobsled)


    5 years, 5 months ago

    I have set the directive, no-referrer-when-downgrade in the browser cache. But when I check with Developer Tools, the directive isn’t being recognized.

    But if I use an online checker, it works for some of my sites, but not for others.

    Am I missing an extra setting perhaps?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Contributor Marko Vasiljevic

    (@vmarko)

    5 years, 5 months ago

    Hello @bobsled

    Thank you for your inquiry and I am happy to assist you with this.
    The only thing you need to do is go to Performance>Browser Cache, scroll down to Security Headers section, find and enable the Referrer-Policy checkbox, and select the desired Directive: i.e. no-referrer-when-downgrade
    I hope this helps!
    Thanks!

    Thread Starter bobsled

    (@bobsled)

    5 years, 5 months ago

    Thanks @vmarko

    I did that on all my sites, but the directive doesn’t register with Dev Tools on some of them.

    I can’t see a difference in my settings on each site. But I might be wrong. There are so many settings!

    Is there a setting that could block the directive?

    Plugin Contributor Marko Vasiljevic

    (@vmarko)

    5 years, 5 months ago

    Hello @bobsled

    Thank you for the information.
    There is no setting in W3 Total Cache that could block the directive.
    So possibly you might have some rules set on your host for the website you are having issues with, that are unsettling the directive.
    Please check your .htaccess file as if properly set, you should have the following line just above the end of the W3TC Browser Cache rules:

    
<IfModule mod_headers.c>
    Header set Referrer-Policy "no-referrer-when-downgrade"
</IfModule>
# END W3TC Browser Cache

    Thanks!

    Thread Starter bobsled

    (@bobsled)

    5 years, 5 months ago

    Thanks @vmarko

    I checked and yes, I can see the referrer-policy in the htaccess files. Not sure why Dev Tools can’t see it, but that’s another issue.

    Thanks for your help.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Security Headers Directive’ is closed to new replies.