File protection directives do not work htaccess

Website URL

https://mrfpmc-cip.ct.ws

(please specify the URL of the site on which you are experiencing the problem)

Error Message

The error is that when checking on online sites like https://headerscan.com I get errors that Headers Missing and equals 6 pieces, that is, all the directives that I added

(please share the FULL error message you see, if applicable)
I am attaching a screenshot of the errors and the contents of the file

.htaccess

RewriteEngine On
RewriteBase /

RewriteCond %{REQUEST_URI} \/(?:store\.log|store\.dat|store\.json|store_orders\.log|invoice-series\.json|ga_code|data\.json|forms.log|project\.db|[^\.]+\.dat)$ [OR]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^.*$ index.php [L,QSA]

RewriteEngine On
RewriteBase /

RewriteCond %{REQUEST_URI} \/(?:store\.log|store\.dat|store\.json|store_orders\.log|invoice-series\.json|ga_code|data\.json|forms.log|project\.db|[^\.]+\.dat)$ [OR]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^.*$ index.php [L,QSA]

`<ifModule mod_headers.c>`
  Header always set X-Frame-Options "SAMEORIGIN"

  #Header always set X-XSS-Protection "1; mode=block"
  
  Header always set X-Content-Type-Options "nosniff"

  #Header always set X-Permitted-Cross-Domain-Policies "none"

  #Header set Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'; base-uri 'self';"
  Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
`</ifModule>`

Other Information

screenshot

(other information and details relevant to your question)

Hi and welcome back!
Your site is correctly applying those three security headers:

image

And the other three are not being applied because you commented them in the .htaccess code.

The reason that the tool cannot find or detect the headers is because they are unable to access your site due to this:

You can safely ignore it.

5 Likes

Thanks for the answer! It turns out that infinityfree.com is some kind of firewall?

InfinityFree uses a security system on your website to protect it from things like DDos attacks, hacking, and some more things as far as I know.

Also, Welcome back to the InfinityFree Forum! It’s been a while since we have seen you!

Thanks for the answer!

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.