• Resolved Outerbridge

    (@outerbridge)


    Hi

    Love the plugin.

    In the recommendations, I’m seeing:

    Security Header: X-XSS-Protection Missing
    We did not find the recommended security header for XSS Protection on your site.

    But I have the following line in my Nginx config:
    add_header X-XSS-Protection "1; mode=block";

    and I know it is working as I have checked it at securityheaders.io

    Many thanks
    Mike

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Yes, you have the correct configuration.

    Please ignore the recommendation for now, Nginx usually adds these HTTP headers in lowercase, and SiteCheck is expecting to see some uppercase characters in the string, it’s a bug on our side that I already reported to my co-workers a few days ago; they are working on a fix. Once they push their changes live, the warnings will automatically disappear.

    Thank you for the report.

    Thank you, that’s great!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘X-XSS-Protection’ is closed to new replies.