Hi there
I hope I am submitting my concern in the right category.
I issues with security headers.
I have added the following headers into htaccess but there aren’t taking effect. Here is what i have done so far to make it work.
- I have also disabled cloudflare.
- Enable Rewrite is turned ON
- cleared all cache
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
Header always set Content-Security-Policy "default-src 'self';"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-Content-Type-Options "nosniff"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
Header always set Permissions-Policy "geolocation=(), camera=(), microphone=()"
</IfModule>
Can someone help to figure out the issue presented?