clean_header breaks HTTPS check of WordPress | ww.wp.xz.cn

Resolved Anonymous User 17880307
(@anonymized-17880307)

5 years, 2 months ago

clean_header() removes some headers that are essential for the HTTPS check of WordPress and people see “Talk to your web host about resolving this HTTPS issue for your website.” in the healt check (internally “It looks like the response did not come from this site.” is returned as error description).

See https://github.com/WordPress/WordPress/blame/e1239d91a95177506d1e3cc0a6ed8ed3232130f6/wp-includes/https-detection.php#L204-L227

Also removing these headers brings no advantages regarding SEO or security. This is just Security by Obscurity (removing such information does not prevent attacks, anyone can easily guess and check, that it is WordPress).

Viewing 1 replies (of 1 total)

Plugin Author Anh Tran
(@rilwis)

5 years, 2 months ago

Hi @danielrufde,

Thanks for your feedback. You’re right about the Site Health check and the SEO benefit. I’ve removed this feature from the plugin and will release a new version soon.

Viewing 1 replies (of 1 total)

The topic ‘clean_header breaks HTTPS check of WordPress’ is closed to new replies.

1 reply
2 participants
Last reply from: Anh Tran
Last activity: 5 years, 2 months ago
Status: resolved