That’s odd.
You can try to use a Unix terminal to check them. For instance, testing ww.wp.xz.cn:
curl -I https://ww.wp.xz.cn/
That returns:
HTTP/2 200
server: nginx
date: Thu, 01 Sep 2022 07:31:39 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=360
x-olaf: ⛄
link: <https://ww.wp.xz.cn/wp-json/>; rel="https://api.w.org/"
link: <https://ww.wp.xz.cn/wp-json/wp/v2/pages/457>; rel="alternate"; type="application/json"
link: <https://w.org/>; rel=shortlink
x-frame-options: SAMEORIGIN
x-nc: HIT ord 2
If you don’t have a shell, you can use the https://ww.wp.xz.cn/plugins/wpterm/ plugin.
Ok,
I will try. I am not familiar with shell
Hello,
Sorry for the delay.
I didn’t succeed with the Unix terminal so I used Postman.
I confirm the problem : for two different websites with the same settings, I have two different results with securityheaders.com (grade D and grade B) and with Postman no X-Frame-Options, X-Content-Type-Options and Referrer-Policy for the grade D and ok for the grade B.
Are you using a caching plugin or a CDN? If you are, flush the cache and try again.
Yes I’m using caching plugin. I cleared cache and it’s ok.
But I tested a website with the same cache plugin where I’m sure to have cleared cache 3 days ago and it’s on grade D…
And the website with the grade B has another cache plugin
I will ask the support of the cache plugin because I don’t want to clear cache everyday (I don’t see the interest with static content)
Thanks for your help
