Title: Security headers notification Last modified: December 21, 2024 --- # Security headers notification * Resolved [George](https://wordpress.org/support/users/giorgos93/) * (@giorgos93) * [1 year, 5 months ago](https://wordpress.org/support/topic/security-headers-notification/) * Hi, I’ve recently put security headers from your article: [https://really-simple-ssl.com/instructions/about-recommended-security-headers/](https://really-simple-ssl.com/instructions/about-recommended-security-headers/). * You recommended to put **X-XSS-Protection: 0** value. However, after I did it, in my WP Health section appeared a notification: _Your website does not send all essential security headers: X-XSS protection._ * If I understand correctly, this notification comes from your plugin. Maybe you should remove it for **X-XSS-Protection: 0** value? * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fsecurity-headers-notification%2F%3Foutput_format%3Dmd&locale=en_US) to see the link]_ Viewing 4 replies - 1 through 4 (of 4 total) * Plugin Author [Mark](https://wordpress.org/support/users/markwolters/) * (@markwolters) * [1 year, 5 months ago](https://wordpress.org/support/topic/security-headers-notification/#post-18213281) * Hi [@giorgos93](https://wordpress.org/support/users/giorgos93/), * the site health notice should correctly detect the X-XSS-Protection header with value 0 and thus not show the notice if it has been set. Could you check if the site health notice still appears? If so, you could try if clearing all caches the website uses resolves the issue. * Thread Starter [George](https://wordpress.org/support/users/giorgos93/) * (@giorgos93) * [1 year, 5 months ago](https://wordpress.org/support/topic/security-headers-notification/#post-18213336) * Hi, [@markwolters](https://wordpress.org/support/users/markwolters/) * I did try to clear cache several times, but it didn’t help – the notification still appears. * Just in case: I use this code in my .htaccess file (I use Apache): * **Header always set X-XSS-Protection “0”** * Plugin Author [Mark](https://wordpress.org/support/users/markwolters/) * (@markwolters) * [1 year, 5 months ago](https://wordpress.org/support/topic/security-headers-notification/#post-18214652) * Hi [@giorgos93](https://wordpress.org/support/users/giorgos93/), * We can try to manually clear the header detection cache. Can you add the below lines to the **functions.php **file of your currently active theme? Add the code, save the file, and reload the back-end (wp-admin) of your WordPress website once, so that the header cache is cleared. After reloading the back-end once, remove the lines from the file. Then the header detection should be reset. * **add_action(‘admin_init’, ‘rsssl_delete_cached_headers’);** * **function rsssl_delete_cached_headers() {** * **  RSSSL_PRO()->headers->delete_admin_transient(‘detected_headers’);** * **}** * Thread Starter [George](https://wordpress.org/support/users/giorgos93/) * (@giorgos93) * [1 year, 5 months ago](https://wordpress.org/support/topic/security-headers-notification/#post-18214935) * It did help, thanks! Viewing 4 replies - 1 through 4 (of 4 total) The topic ‘Security headers notification’ is closed to new replies. * ![](https://ps.w.org/really-simple-ssl/assets/icon-256x256.png?rev=2839720) * [Really Simple Security - Simple and Performant Security (formerly Really Simple SSL)](https://wordpress.org/plugins/really-simple-ssl/) * [Frequently Asked Questions](https://wordpress.org/plugins/really-simple-ssl/#faq) * [Support Threads](https://wordpress.org/support/plugin/really-simple-ssl/) * [Active Topics](https://wordpress.org/support/plugin/really-simple-ssl/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/really-simple-ssl/unresolved/) * [Reviews](https://wordpress.org/support/plugin/really-simple-ssl/reviews/) * 4 replies * 2 participants * Last reply from: [George](https://wordpress.org/support/users/giorgos93/) * Last activity: [1 year, 5 months ago](https://wordpress.org/support/topic/security-headers-notification/#post-18214935) * Status: resolved