Title: Security Headers Last modified: August 31, 2016 --- # Security Headers * Resolved [jessy161616](https://wordpress.org/support/users/jessy161616/) * (@jessy161616) * [10 years, 3 months ago](https://wordpress.org/support/topic/security-headers/) * Since last Update there no Security Headers anymore. any Info? When i test my site on [https://securityheaders.io](https://securityheaders.io) the tool find no header likes 2X-Content-Type-Options”, “X-Frame-Options” etc. but i have set it in the options from ninjafirewall and have no idea why it don’t work. * Any idea? * [https://wordpress.org/plugins/ninjafirewall/](https://wordpress.org/plugins/ninjafirewall/) Viewing 5 replies - 1 through 5 (of 5 total) * Thread Starter [jessy161616](https://wordpress.org/support/users/jessy161616/) * (@jessy161616) * [10 years, 3 months ago](https://wordpress.org/support/topic/security-headers/#post-7101774) * And another quetion… i have severals logs but no rule… * 24/Feb/16 11:52:34 #2493189 high – 121.xxx POST /xmlrpc.php – Access to WordPress XML-RPC API – [/xmlrpc.php] 24/Feb/16 11:53:27 #4384796 high – 121.xxx POST / xmlrpc.php – Access to WordPress XML-RPC API – [/xmlrpc.php] * Are this requests blocked, or only an info in the Firewall log? * Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/) * (@nintechnet) * [10 years, 3 months ago](https://wordpress.org/support/topic/security-headers/#post-7101775) * Hi, * I cannot reproduce that issue. I just tried with 3 different sites and they all sent the right headers: * ``` HTTP/1.1 200 OK Server nginx Date Wed, 24 Feb 2016 14:42:16 GMT Set-Cookie xxxxxxxxxxxxxxxxxxxxxx; HttpOnly X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-XSS-Protection 1; mode=block ``` * Do you see any error/warning in the firewall “Overview” page? Are you using the ‘.htninja’ user configuration file and have some code to whitelist IPs or anything similar? If you try again the same test from securityheaders.io, do you see that request from the Live Log page? * Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/) * (@nintechnet) * [10 years, 3 months ago](https://wordpress.org/support/topic/security-headers/#post-7101778) * > Are this requests blocked, or only an info in the Firewall log? * They are blocked. If you see ‘critical’, ‘high’, and ‘medium’ in the LEVEL column, it means it was blocked. If you see ‘info’, the corresponding log line will give more details about it (admin login, update, sanitized input etc). * Thread Starter [jessy161616](https://wordpress.org/support/users/jessy161616/) * (@jessy161616) * [10 years, 3 months ago](https://wordpress.org/support/topic/security-headers/#post-7101788) * I can use any header check tool…([https://redbot.org/](https://redbot.org/)) no way it’s work on different sites. But before the update i have checked that is work correct. Pretty shure that this headers remove after update to new version 3.0. * Thread Starter [jessy161616](https://wordpress.org/support/users/jessy161616/) * (@jessy161616) * [10 years, 3 months ago](https://wordpress.org/support/topic/security-headers/#post-7101789) * ah sorry my fault… Caching Problem 🙁 Sorry for this. Viewing 5 replies - 1 through 5 (of 5 total) The topic ‘Security Headers’ is closed to new replies. * ![](https://ps.w.org/ninjafirewall/assets/icon-256x256.png?rev=976137) * [NinjaFirewall (WP Edition) - Advanced Security Plugin and Firewall](https://wordpress.org/plugins/ninjafirewall/) * [Frequently Asked Questions](https://wordpress.org/plugins/ninjafirewall/#faq) * [Support Threads](https://wordpress.org/support/plugin/ninjafirewall/) * [Active Topics](https://wordpress.org/support/plugin/ninjafirewall/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/ninjafirewall/unresolved/) * [Reviews](https://wordpress.org/support/plugin/ninjafirewall/reviews/) * 5 replies * 2 participants * Last reply from: [jessy161616](https://wordpress.org/support/users/jessy161616/) * Last activity: [10 years, 3 months ago](https://wordpress.org/support/topic/security-headers/#post-7101789) * Status: resolved