Title: Duplicate headers
Last modified: July 31, 2023

---

# Duplicate headers

 *  Resolved [Castor](https://wordpress.org/support/users/castoruk/)
 * (@castoruk)
 * [2 years, 10 months ago](https://wordpress.org/support/topic/duplicate-headers-2/)
 * Hi
 * I’ve hit a strange issue with duplicate (and different) security headers being
   generated, when the plugin is activated.
 * [Browser Screenshot.](https://ibb.co/5YcVNHS)
 * The server is Apache using NGINX as a caching reverse proxy. I’ve tested it with
   and without NGINX caching enabled, and it makes no difference.
 * Looking at the site’s .htaccess file, the only reference to security headers 
   are in the code block created by the plugin.
 *     ```wp-block-code
       # BEGIN Headers Security Advanced & HSTS WP 5.0.27
       <IfModule mod_headers.c>
       Header set Access-Control-Allow-Methods "GET,POST"
       Header set Access-Control-Allow-Headers "Content-Type, Authorization"
       Header set Content-Security-Policy "upgrade-insecure-requests;"
       Header set Cross-Origin-Embedder-Policy "unsafe-none; report-to='default'"
       Header set Cross-Origin-Embedder-Policy-Report-Only "unsafe-none; report-to='default'"
       Header set Cross-Origin-Opener-Policy "unsafe-none"
       Header set Cross-Origin-Opener-Policy-Report-Only "unsafe-none; report-to='default'"
       Header set Cross-Origin-Resource-Policy "cross-origin"
       Header set Permissions-Policy "interest-cohort=(), window-management=(), accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(self), encrypted-media=(), fullscreen=*, geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=*, picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), xr-spatial-tracking=(), gamepad=(), serial=()"
       Header set Referrer-Policy "strict-origin-when-cross-origin"
       Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
       Header set X-Content-Security-Policy "default-src 'self'; img-src *; media-src * data:;"
       Header set X-Content-Type-Options "nosniff"
       Header set X-Frame-Options "SAMEORIGIN"
       Header set X-XSS-Protection "1; mode=block"
       Header set X-Permitted-Cross-Domain-Policies "none"
       </IfModule>
       # END Headers Security Advanced & HSTS WP
       ```
   
 * Any ideas?

Viewing 1 replies (of 1 total)

 *  Plugin Author [Andrea Ferro](https://wordpress.org/support/users/unicorn03/)
 * (@unicorn03)
 * [2 years, 10 months ago](https://wordpress.org/support/topic/duplicate-headers-2/#post-16936443)
 * Hello **[@castoruk](https://wordpress.org/support/users/castoruk/),** thank you
   for opening this threads, I am or Andrea and I will help you in your request.
 * Regarding the duplicate headers you noticed, I confirm that this phenomenon can
   occur for several reasons, such as hosting that might be using some basic parameters,
   use of other third-party plugins on your site, or other technical factors. However,
   I want to reassure you that these duplicate headers will not cause any problems
   with site performance or operation.
 * The plugin is designed to work efficiently and compatible with different configurations.
   The duplicate headers you see are predefined by the plugin itself and are an 
   integral part of its structure. This approach will not compromise the functionality
   or integrity of your website.
 * I constantly strive to ensure that the plugin is optimized. If you have further
   questions or concerns about this, I am here to help and provide you with the 
   support you need.
 * Thanks again for using the plugin and for your feedback, I really appreciate 
   the various open threads

Viewing 1 replies (of 1 total)

The topic ‘Duplicate headers’ is closed to new replies.

 * ![](https://ps.w.org/headers-security-advanced-hsts-wp/assets/icon.svg?rev=3102785)
 * [Headers Security Advanced & HSTS WP](https://wordpress.org/plugins/headers-security-advanced-hsts-wp/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/headers-security-advanced-hsts-wp/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/headers-security-advanced-hsts-wp/)
 * [Active Topics](https://wordpress.org/support/plugin/headers-security-advanced-hsts-wp/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/headers-security-advanced-hsts-wp/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/headers-security-advanced-hsts-wp/reviews/)

## Tags

 * [duplicate](https://wordpress.org/support/topic-tag/duplicate/)

 * 1 reply
 * 2 participants
 * Last reply from: [Andrea Ferro](https://wordpress.org/support/users/unicorn03/)
 * Last activity: [2 years, 10 months ago](https://wordpress.org/support/topic/duplicate-headers-2/#post-16936443)
 * Status: resolved