HTTP Security Headers Not working

What is the name of the domain?

apmcapital.ae

What is the issue you’re encountering

X-Content-Type-Options header is missing

What steps have you taken to resolve the issue?

I have added headers and values under Rules - Transform Rules - Modify Response Header.
The added headers are still not there. I checked with https://securityheaders.com/

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Full

May I ask if you’ve tried to use “Set Static” instead of “Add”, since some other option(s) might interfere with this before delivering this to the end-visitor of your website?

I can see it’s a HIT, meaning you’re caching the HTML as well, either with a Page Rule Cache Everything or some other way?

May I ask what your settings are under SSL/TLS → Edge Certificates for HSTS?

Since these settings add the specific HTTP header, which seems to be “missing” in your case:

Hi,

HSTS is off. I enabled it and will try to check later. Disabled custom headers for now.
Thanks for your help.

Thank you for the feedback.

I’d suggest purging the cache after those modifications, to make sure the changes are properly applied.

Your DNS records are not proxied so requests are not passing through Cloudflare and instead going direct to your host…
https://cf.sjr.dev/tools/check?f015b74da4c84bf0b63e16ed90ab7a02#dns

Use “Full (strict)” so Cloudflare verifies your origin SSL certificate is valid and the connection is fully secured (only works when proxied).

It is ‘Full Strict’ currently and every setting is enabled under HSTS

This is still your issue (for your www record to which your apex domain redirects)…

https://cf.sjr.dev/tools/check?b5262888f51246ce8153eb87c5e11d84#dns

Unless you proxy the record, anything you set in Cloudflare can’t be applied to requests to your site. If your host won’t work when the site is proxied, then you’ll need to add the headers at your origin.
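
The diagnosis in the reply above can be checked from response headers alone. The following is an added example, not part of the original thread: it parses `curl -sIL`-style output for a redirect chain, flags which hops were served through Cloudflare (`cf-ray` or `server: cloudflare`), and lists the security headers missing on the final response. The hostnames and header values in `SAMPLE` are constructed, and the `EXPECTED` list is an assumption.

```python
import re

# Headers discussed in the thread; this list is an assumption for the example.
EXPECTED = ("x-content-type-options", "strict-transport-security")

# Constructed sample in the shape of `curl -sIL` output: a proxied apex
# redirecting to a www host that answers directly from the origin.
SAMPLE = """\
HTTP/2 301
server: cloudflare
cf-ray: 0000000000000000-XXX
location: https://www.example.com/
x-content-type-options: nosniff

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
"""

def parse_hops(raw):
    """Split a header dump into (status, {lowercased-name: value}) per response."""
    hops = []
    for block in re.split(r"\r?\n\s*\r?\n", raw.strip()):
        lines = block.strip().splitlines()
        if not lines or not lines[0].startswith("HTTP/"):
            continue
        parts = (line.partition(":") for line in lines[1:])
        headers = {n.strip().lower(): v.strip() for n, sep, v in parts if sep}
        hops.append((int(lines[0].split()[1]), headers))
    return hops

def via_cloudflare(headers):
    """Responses served by Cloudflare's edge carry cf-ray and server: cloudflare."""
    return "cf-ray" in headers or headers.get("server", "").lower() == "cloudflare"

def diagnose(raw):
    hops = parse_hops(raw)
    if not hops:
        raise ValueError("no HTTP responses found")
    status, final = hops[-1]
    return {
        "hops_proxied": [via_cloudflare(h) for _, h in hops],
        "final_status": status,
        "missing": [h for h in EXPECTED if h not in final],
        # Where a header rule takes effect: Cloudflare only if the final hop is proxied.
        "fix_at": "cloudflare" if via_cloudflare(final) else "origin",
    }

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```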
