W3 Total Cache Stripping HTTP headers

  • fredclown

    (@fredclown)


    8 years, 2 months ago

    I have been using W3 Total Cache for a while and I just discovered that it is stripping out HTTP headers that I have set with the HTTP headers to improve web site security plugin. I’ve also tried this with the HTTP Headers plugin … same result. So, all the work I’v done to create a secure contet-security-policy is being undone by W3 Total Cache. Please give the option to have it not strip out the HTTP headers.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Fist Full of Crisco

    (@fistfullofcrisco)

    8 years, 2 months ago

    Yup that is expected. Its because u are incorporating them on a live page. W3TC caches pages and when that happens your security headers will only show up once and subsequent requests to the page (serving cached pages) will not get them.

    The guys over at “W3 Total Cache Fixed” realized this a long time ago and so they made a “Security Headers” section that includes things like CSP, among many other security headers and bug fixes.

    You can see it here.

    Dimitar Ivanov

    (@zinoui)

    8 years, 2 months ago

    To make the “W3 Total Cache” plugin works with HTTP Headers plugin you need to use the Apache option for a default mode (under the Advanced settings).

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘W3 Total Cache Stripping HTTP headers’ is closed to new replies.