I hope I am submitting my concern in the right category.
I issues with security headers.
I have added the following headers into htaccess but there aren’t taking effect. Here is what i have done so far to make it work.
- I have also disabled cloudflare.
- Enable Rewrite is turned ON
- cleared all cache
<IfModule mod_headers.c> Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" Header always set Content-Security-Policy "default-src 'self';" Header always set X-Frame-Options "SAMEORIGIN" Header always set X-Content-Type-Options "nosniff" Header always set Referrer-Policy "strict-origin-when-cross-origin" Header always set Permissions-Policy "geolocation=(), camera=(), microphone=()" </IfModule>
Can someone help to figure out the issue presented?