[Support request] Enabling HTTP Security Headers

Home Forums Support [Support request] Enabling HTTP Security Headers

Home Forums Support Enabling HTTP Security Headers

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #1611631
    Melissa

    Hi there,

    I use GP Premium on my website and am very happy. I have just started hosting with Kinsta and am following their guide on hardening the security of the website.

    Unfortunately, when I asked the Kinsta team to add the latest HTTP security headers, it created visual issues with the website. Kinsta said that I would need to speak to my developer to resolve this. We have since switched back to the original without the security headers.

    The security headers we attempted to implement were the default:

    Content-Security Policy
    X-XSS-Protection
    Strict-Transport-Security
    X-Frame-Options
    Public-Key-Pins
    X-Content-Type

    Can you please let me know what I will need to do to make sure my website still looks good visually with the security headers in place?

    Thank you.

    Melissa

    #1611649
    Leo
    Staff
    Customer Support

    Hi there,

    We are using Kinsta as well but haven’t heard of issues like this.

    Any chance you can show us what the issue is?

    It might be a good idea to start a staging site so your live site still looks good in the mean time.

    Let me know πŸ™‚

    #1611678
    Melissa

    Thanks, Leo. Interesting. I asked Kinsta to reinstate the security headers, I cleared the cache and restarted the PHP… and now the issue is miraculously fixed. No visual error now.

    Maybe it just needed time to work?

    In any case, thank you very much for your prompt answer and help.

    #1611683
    Leo
    Staff
    Customer Support

    Likely some sort of caching issue πŸ™‚

    #1611752
    Melissa

    Hi there

    Apologies, there is another issue that has occured due to setting up HTTP security headers.

    For some strange reason, when the HTTP security headers are enabled (in particular, the HTTP Content-Security-Policy response header), I am unable to edit the page in the WordPress backend.

    Do you know of a way to fix this issue?

    #1612001
    David
    Staff
    Customer Support

    Hi there,

    GP has no control over the editors behaviour, its a core WP Function, in this instance Kinsta should be able to provide some guidance on the correct Content Security Policies as its not theme or plugin related. Give Kinsta another nudge and see what they say πŸ™‚

Viewing 6 posts - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.