I’m trying to implement the following security headers but when testing, the default theme code is not getting along so it breaks the site.
add_header X-Content-Type-Options nosniff;
add_header Content-Security-Policy “default-src ‘self’;”;
*add_header Strict-Transport-Security ‘max-age=31536000; includeSubDomains; preload’; *this one works just fine
I’m no expert when it comes to this kind of thing. It wouldn’t be directly related to the theme, I assume the same thing would happen with any theme. Are you sure the code is valid? Have you checked with your hosting?