HTTP Headers

[### Username (e.g. epiz_XXX) or Website URL]

Error Message

Security headers scan shows the following headers missing:

  • Strict-Transport-Security
  • Content-Security-Policy
  • X-Frame-Options
  • X-Content-Type-Options
  • Referrer-Policy
  • Permissions-Policy

Other Information

All but one of these should be set by my Joomla System Plugin. Is the Server overriding or stripping them???

Hi and welcome to the forum

online tools are blocked to protect users and servers
that’s why these tools throw out the wrong results

but you can always use your browser (dev tools = F12) and see the results


I think unfortrunetely we can’t set HTTP Headers on subdomain, even for a test purpose. I tried for two days to set the headers but the scan keeps on showing that the headers are missing!
Finally i came to the conclusion, that it can’t work on a subdomain.

1 Like

Please see @Oxy’s reply.

The headers are working fine, but the scanner is unable to read them correctly.


This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.