Missing Header

I tested my website here and it shows I have 4 missing headers.

  1. Content-Security-Policy
  2. X-Frame-Options
  3. Referrer-Policy
  4. Feature-Policy

How can I make sure all headers are correctly set?

Those are set at the webhost. Or you can create a Cloudflare Worker to do this for you:

https://scotthelme.co.uk/security-headers-cloudflare-worker/

To create a worker, do I need to upgrade my account, or would the free version work?

I added the following code to my site’s .htaccess file, but it had no effect.

Header set X-Frame-Options "SAMEORIGIN"
Header set Feature-Policy "geolocation 'self'; vibrate 'none'"
Header set Referrer-Policy "same-origin"

But whatever we put in Cloudflare, it's picking up.

Result here:

<IfModule mod_headers.c>
Header set X-Frame-Options "SAMEORIGIN"
Header set Feature-Policy "geolocation 'self'; vibrate 'none'"
Header set Referrer-Policy "same-origin"
</IfModule>


It's fixed. All are green except content security policy.

It was cached. You need to add ?flush after the URL and then the results are shown.


Feature-Policy has some browser support, but it has been deprecated in favour of Permissions-Policy. You should consider adding it in parallel if that policy is important to you.
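
Added example, not part of any post in this thread and not the code from the linked article: a Cloudflare Worker that adds the headers discussed above and sends Permissions-Policy in parallel with Feature-Policy by converting the syntax. The function names are hypothetical and the Content-Security-Policy value is a constructed placeholder that has to be tuned for the site.

```javascript
// Added example (not from the thread). Header values are the ones posted for
// .htaccess above; the CSP value is a constructed placeholder to tune per site.
const SECURITY_HEADERS = {
  'X-Frame-Options': 'SAMEORIGIN',
  'Referrer-Policy': 'same-origin',
  'Feature-Policy': "geolocation 'self'; vibrate 'none'",
  'Content-Security-Policy': "default-src 'self'", // assumption: placeholder policy
};

// Translate Feature-Policy syntax ("feature 'self' https://a.example; other 'none'")
// into Permissions-Policy syntax ('feature=(self "https://a.example"), other=()').
// Syntax conversion only: it does not check that a browser knows the feature name.
function toPermissionsPolicy(featurePolicy) {
  return featurePolicy
    .split(';')
    .map((directive) => directive.trim().split(/\s+/).filter(Boolean))
    .filter((tokens) => tokens.length > 1) // skip empty or allowlist-less directives
    .map(([feature, ...allowlist]) => {
      if (allowlist.includes('*')) return `${feature}=*`;
      const members = allowlist
        .filter((item) => item !== "'none'" && item !== "'src'") // 'src' only applies to <iframe allow>
        .map((item) => (item === "'self'" ? 'self' : `"${item}"`));
      return `${feature}=(${members.join(' ')})`;
    })
    .join(', ');
}

// Return a copy of the origin response with the security headers added.
// Headers the origin already set (for example via .htaccess) are left untouched.
function withSecurityHeaders(response) {
  const headers = new Headers(response.headers);
  const wanted = {
    ...SECURITY_HEADERS,
    'Permissions-Policy': toPermissionsPolicy(SECURITY_HEADERS['Feature-Policy']),
  };
  for (const [name, value] of Object.entries(wanted)) {
    if (!headers.has(name)) headers.set(name, value);
  }
  return new Response(response.body, { status: response.status, statusText: response.statusText, headers });
}

// Cloudflare Worker entry point (service-worker syntax); skipped outside a Worker runtime.
if (typeof addEventListener === 'function') {
  addEventListener('fetch', (event) => {
    event.respondWith(fetch(event.request).then(withSecurityHeaders));
  });
}
```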