Title: Security Headers Not Enabled Warning Last modified: December 6, 2021 --- # Security Headers Not Enabled Warning * Resolved [imincognito](https://wordpress.org/support/users/imincognito/) * (@imincognito) * [4 years, 6 months ago](https://wordpress.org/support/topic/security-headers-not-enabled-warning/) * Hi, * I’m getting the following error in your plugin, even though securityheaders.com indicates that my security headers are correctly set. I’m relatively new to secure header, so perhaps I’m missing sth obvious or I’ve got minor syntax error. * Can you shed some light as to why Simple SSL is showing this warning? * **Environment** WP 5.8.2 Simple SSL 5.2.0 * **Simple SSL Warning** The following recommended security headers are not enabled: Upgrade Insecure Requests Referrer-Policy Permissions-Policy * **htaccess Secure Headers Settings** * ``` # BEGIN SECURITY HEADER MODS Header set X-XSS-Protection "1; mode=block" Header set X-Frame-Options "SAMEORIGIN" Header set X-Content-Type-Options "nosniff" Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains" Header set X-Permitted-Cross-Domain-Policies "none" Header set Content-Security-Policy " default-src 'self'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; upgrade-insecure-requests; " Header set Referrer-Policy "same-origin" Header set Feature-Policy " geolocation 'self 'https://sandbox.easternwind.asia; gyroscope 'self'; execution-while-not-rendered 'none' " Header set Permissions-Policy " geolocation = (self 'https://sandbox.easternwind.asia), gyroscope (self), execution-while-not-rendered () " Header set Expect-CT: max-age=86400, enforce, report-uri="https://sandbox.easternwind.asia/report" # END SECURITY HEADER MODS ``` * Thx! * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fsecurity-headers-not-enabled-warning%2F%3Foutput_format%3Dmd&locale=en_US) to see the link]_ Viewing 2 replies - 1 through 2 (of 2 total) * Plugin Author [Mark](https://wordpress.org/support/users/markwolters/) * (@markwolters) * [4 years, 6 months ago](https://wordpress.org/support/topic/security-headers-not-enabled-warning/#post-15138734) * Hi [@imincognito](https://wordpress.org/support/users/imincognito/), * the security headers are indeed set correctly on your site. The notice likely still shows because of caching. Could you try to re-save the Really Simple SSL settings? That will clear the cache and should remove the notice. Alternatively, you can press the ‘dismiss’ link or the X right next to it. * Thread Starter [imincognito](https://wordpress.org/support/users/imincognito/) * (@imincognito) * [4 years, 6 months ago](https://wordpress.org/support/topic/security-headers-not-enabled-warning/#post-15145625) * Hey Mark, * Thx so much for the quick reply. Actually, I did clear the LiteSpeed cache and the notice still appeared, so I’m not sure if Simple SSL has a separate chache. Either way, dismiss works – as long as the settings are correct, that’s all that matters. * Thx! Viewing 2 replies - 1 through 2 (of 2 total) The topic ‘Security Headers Not Enabled Warning’ is closed to new replies. * ![](https://ps.w.org/really-simple-ssl/assets/icon-256x256.png?rev=2839720) * [Really Simple Security - Simple and Performant Security (formerly Really Simple SSL)](https://wordpress.org/plugins/really-simple-ssl/) * [Frequently Asked Questions](https://wordpress.org/plugins/really-simple-ssl/#faq) * [Support Threads](https://wordpress.org/support/plugin/really-simple-ssl/) * [Active Topics](https://wordpress.org/support/plugin/really-simple-ssl/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/really-simple-ssl/unresolved/) * [Reviews](https://wordpress.org/support/plugin/really-simple-ssl/reviews/) * 2 replies * 2 participants * Last reply from: [imincognito](https://wordpress.org/support/users/imincognito/) * Last activity: [4 years, 6 months ago](https://wordpress.org/support/topic/security-headers-not-enabled-warning/#post-15145625) * Status: resolved