Title: Needs apache_response_headers to be implemented
Last modified: April 29, 2021

---

# Needs apache_response_headers to be implemented

 *  Resolved [SoN9ne](https://wordpress.org/support/users/son9ne/)
 * (@son9ne)
 * [5 years, 1 month ago](https://wordpress.org/support/topic/needs-apache_response_headers-to-be-implemented/)
 * The recommended security headers will always show false values if the server 
   is configured to use these headers.
 * Adding `apache_response_headers` would help identify headers that Apache is configured
   for as the current implementation only deals with .htaccess edits.
 * Since .htaccess is the only checks being done, this plugin is not really that
   efficient and will give you false values. Given the size of the alerts section,
   this can be very frustrating.
 * Also, an update to validate response headers would be ideal too. Especially for
   duplicate headers as this can have negative affects and can cause unexpected 
   issues. `Strict-Transport-Security` is an example of such an response header.

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Plugin Contributor [Rogier Lankhorst](https://wordpress.org/support/users/rogierlankhorst/)
 * (@rogierlankhorst)
 * [5 years, 1 month ago](https://wordpress.org/support/topic/needs-apache_response_headers-to-be-implemented/#post-14381641)
 * Hi [@son9ne](https://wordpress.org/support/users/son9ne/),
 * Thanks for the feedback. À branch to improve this is in progress, where the actual
   headers will be detected, be it nginx, Apache, or any other server setup. This
   will resolve both duplicate headers as well as false positives on missing headers.
 *  Thread Starter [SoN9ne](https://wordpress.org/support/users/son9ne/)
 * (@son9ne)
 * [5 years, 1 month ago](https://wordpress.org/support/topic/needs-apache_response_headers-to-be-implemented/#post-14381711)
 * Sounds good [@rogierlankhorst](https://wordpress.org/support/users/rogierlankhorst/).
   I look forward to the update.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Needs apache_response_headers to be implemented’ is closed to new replies.

 * ![](https://ps.w.org/really-simple-ssl/assets/icon-256x256.png?rev=2839720)
 * [Really Simple Security - Simple and Performant Security (formerly Really Simple SSL)](https://wordpress.org/plugins/really-simple-ssl/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/really-simple-ssl/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/really-simple-ssl/)
 * [Active Topics](https://wordpress.org/support/plugin/really-simple-ssl/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/really-simple-ssl/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/really-simple-ssl/reviews/)

 * 2 replies
 * 2 participants
 * Last reply from: [SoN9ne](https://wordpress.org/support/users/son9ne/)
 * Last activity: [5 years, 1 month ago](https://wordpress.org/support/topic/needs-apache_response_headers-to-be-implemented/#post-14381711)
 * Status: resolved