Tagged: Browser Cache
-
AuthorPosts
-
June 19, 2023 at 5:30 am #93260Mel ParkerGuest
Hi,
I would like to configure the Security Headers settings in W3TC > Performance > Browser Cache. I cannot find a guide with recommended settings online, not even on the BoldGrid website. I found a few posts stating that W3TC Security Headers is causing problems on their site.One online guide to W3TC settings that I have followed for configuration of other sections has no settings recommendations for the Security Headers, only states it is easier to use the HTTP Headers plugin. I researched this plugin and found many posts of people having problems with this plugin so I will avoid it.
Could you please let know if it is necessary/recommended to have security headers set up. My sitechecker website test shows as critical issue that my site has missing security headers and lists
– Strict Transport Security HSTS Policy
– X-Content-Type-Options
– Content-Security-Policy (CSP) header, and
– X Frame Options Header (But I read online I should not use it and should use the CSP header frame-ancestory directive instead, see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options. There was also a topic posted to BoldGrid about this).If necessary to setup Security Headers, could you please let me know which settings are recommended or provide a link to a setup guide I can use? There are so many fields in the setup and I have no idea how to configure them. Researching each one would take too long.
Thanks!
June 19, 2023 at 9:39 am #93474Marko VasiljevicKeymasterHey Mel,
Thank you for reaching out and I am happy to answer.
As I’ve mentioned in the previous topic regarding this, security headers are an option in the W3 Total Cache, however, how and if you are going to use it, it depends on you, your website, and what you are trying to achieve so there is no single answer for this.
In W3 Total Cache Browser Cache settings there is a description for each option. Again, it’s up to you on what you are trying to achieve and how the website should behave, and this is why there are a lot of articles explaining the Security headers, however, there are no recommended settings, since every website’s traffic, purpose and content is different.I hope this answers your question
Thanks!
-
AuthorPosts
- The topic ‘Security Headers setup recommendations’ is closed to new replies.