Title: Duplicate headers Last modified: January 6, 2026 --- # Duplicate headers * Resolved [argusnet](https://wordpress.org/support/users/argusnet/) * (@argusnet) * [5 months ago](https://wordpress.org/support/topic/duplicate-headers-5/) * I don’t think this is a security issue, but am curious as to why there are duplicate headers displayed in the Google Inspector network tab. Are they being set at two different places. Maybe one is on the server hosting the site and the second at a gateway or some other system in front of the server. These don’t show up when I run a scan through securityheaders.com * cross-origin-embedder-policy unsafe-none; report-to=’default’ cross-origin-embedder- policy unsafe-none; report-to=’default’cross-origin-embedder-policy-report-only unsafe-none; report-to=’default’cross-origin-embedder-policy-report-only unsafe- none; report-to=’default’cross-origin-opener-policy unsafe-nonecross-origin-opener- policy unsafe-nonecross-origin-opener-policy-report-only unsafe-none; report- to=’default’cross-origin-opener-policy-report-only unsafe-none; report-to=’default’cross- origin-resource-policy cross-origincross-origin-resource-policy cross-origin * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fduplicate-headers-5%2F%3Foutput_format%3Dmd&locale=en_US) to see the link]_ Viewing 1 replies (of 1 total) * Plugin Author [Andrea Ferro](https://wordpress.org/support/users/unicorn03/) * (@unicorn03) * [4 months, 3 weeks ago](https://wordpress.org/support/topic/duplicate-headers-5/#post-18782291) * Hi **[@argusnet](https://wordpress.org/support/users/argusnet/)**, You’re right, this is not a security issue but it’s a common scenario. * What you’re seeing happens because your hosting provider (or a CDN/proxy in front of your server) is already setting some basic security headers, and then the plugin adds its own. The result is duplicate headers. * The reason securityheaders.com doesn’t show duplicates is that it typically only reads the first or last occurrence of each header, while Chrome DevTools shows everything that’s actually being sent.**To fix this**: Go to **Settings > Headers Security Advanced & HSTS WP**, then scroll to the **“Hide duplicate headers”** section. There you can check the boxes for the headers that are being duplicated, the plugin will then avoid setting those specific headers, letting your hosting’s configuration take precedence (or vice versa, depending on your preference). * Let me know if you need any help identifying which headers are coming from where Viewing 1 replies (of 1 total) You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fduplicate-headers-5%2F%3Foutput_format%3Dmd&locale=en_US) to reply to this topic. * ![](https://ps.w.org/headers-security-advanced-hsts-wp/assets/icon.svg?rev=3102785) * [Headers Security Advanced & HSTS WP](https://wordpress.org/plugins/headers-security-advanced-hsts-wp/) * [Frequently Asked Questions](https://wordpress.org/plugins/headers-security-advanced-hsts-wp/#faq) * [Support Threads](https://wordpress.org/support/plugin/headers-security-advanced-hsts-wp/) * [Active Topics](https://wordpress.org/support/plugin/headers-security-advanced-hsts-wp/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/headers-security-advanced-hsts-wp/unresolved/) * [Reviews](https://wordpress.org/support/plugin/headers-security-advanced-hsts-wp/reviews/) * 1 reply * 2 participants * Last reply from: [Andrea Ferro](https://wordpress.org/support/users/unicorn03/) * Last activity: [4 months, 3 weeks ago](https://wordpress.org/support/topic/duplicate-headers-5/#post-18782291) * Status: resolved