dmalmeida

Hi

Thanks for an awesome plugin.
The problem described by @xstrych9x continues to exist.
https://hstspreload.org/?domain=penchecks.com

But even your site tentacleplugins.com can’t “pass” https://hstspreload.org/?domain=tentacleplugins.com

My site can’t pass too: https://hstspreload.org/?domain=cebolinha-imaginaria.com

I already did what you suggested: Uninstalled the plugin, reinstalled, check .htaccess with plugin installed and uninstalled and can’t make this work.

This is the code that my .htaccess have:

# Headers Security Advanced & HSTS WP - 5.0.06
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" "expr=%{HTTPS} == 'on'"
Header always set X-XSS-Protection "1; mode=block"
Header always set X-Content-Type-Options "nosniff"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
Header always set Expect-CT "max-age=7776000, enforce"
Header set Access-Control-Allow-Origin "null"
Header set Access-Control-Allow-Methods "GET,PUT,POST,DELETE"
Header set Access-Control-Allow-Headers "Content-Type, Authorization"
Header set X-Content-Security-Policy "img-src *; media-src * data:;"
Header always set Content-Security-Policy "report-uri https://cebolinha-imaginaria.com"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set Permissions-Policy "accelerometer=(), autoplay=(), camera=(), fullscreen=*, geolocation=(self), gyroscope=(), microphone=(), payment=*"
Header set X-Permitted-Cross-Domain-Policies "none"
</IfModule>
# END Headers Security Advanced & HSTS WP

What can I do to pass hstspreload?

Thanks