Htaccess file Security headers are gonne after activating Cloudflare

Hi, I implemented a bunch of security headers in my .htaccess file and checked them with securityheaders.com, I got all Green perfect 6/6 score.

after activating Cloudflare on my site for some reason all the securityheaders that I set earlier are now ignored and the securityheaders test shows 1/6 security headers.

Here is the code I added to the htaccess file :

Header always set Strict-Transport-Security "max-age=31536000;includeSubDomains"
Header always set x-xss-protection "1; mode=block"
Header always set x-frame-options "SAMEORIGIN"
Header always set X-Content-Type-Options "nosniff"
Header always set Cache-Control "max-age=2628000, public"
Header always set Referrer-Policy "strict-origin"
Header always set Content-Security-Policy "upgrade-insecure-requests"
Header always set Permissions-Policy "geolocation=(); midi=();notifications=();>

I dont have much knowledge of security headers, but I understood they are important for the security of my site and its important to set them correctly.

Sadly I’m weak on the technical side, even the code above Is just copied from somewhere else, so if you know what’s causing this please explain in Minecraft terms.

Thank you for your time.

I am not aware, however you can add them via Transform Rules at Cloudflare:

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.