Showing security headers are missing

Hi Team,
I have SSL enabled and I am adding security. For this I am adding HSTS, but after enabling it from Cloudflare, when I check my headers on https://hstspreload.org/ it always shows an error, i.e. "Error: No redirect from HTTP", although all HTTP pages are redirecting to HTTPS only.

Please help.

Check your firewall event log. If you’re blocking the hstspreload bot, it won’t get the HTTPS redirect.

Hi,
In my Firewall > Bot > Bot Fight Mode, I enabled it only yesterday. But HSTS has been enabled for many days, and in both cases the error is "Error: No redirect from HTTP", although all HTTP pages are redirecting to HTTPS only.

Hey,

Thanks for helping!
I am testing on https://securityheaders.com/ and there two headers are added, i.e. Strict-Transport-Security and X-Content-Type-Options.

Are there any options to add the remaining 4 headers too via Cloudflare, i.e. Content-Security-Policy, X-Frame-Options, Referrer-Policy, and Permissions-Policy?

Let me know.

Hi @hobovideotech,

Scott Helme, the person behind SecurityHeaders, has a Worker template you can use for this:
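The general shape of a Cloudflare Worker that adds the four headers asked about, as an added example that is not part of the original posts and is not Scott Helme's template. The header values and the names `SECURITY_HEADERS`, `withSecurityHeaders` and `handleRequest` are assumptions made for illustration; the Content-Security-Policy in particular must be tuned to the site.

```javascript
// Added example: defaults below are constructed starter values, not a vetted policy.
const SECURITY_HEADERS = {
  // Assumption: a same-origin-only site. Real sites must list their script,
  // style, image and frame sources or pages will break.
  'Content-Security-Policy': "default-src 'self'",
  'X-Frame-Options': 'SAMEORIGIN',
  'Referrer-Policy': 'strict-origin-when-cross-origin',
  'Permissions-Policy': 'geolocation=(), camera=(), microphone=()',
};

// Returns a copy of `response` with any missing security header filled in.
// Headers already set by the origin are kept, so an application that ships
// its own CSP is not silently overridden at the edge.
function withSecurityHeaders(response) {
  // Headers on a fetched Response are immutable, so copy them first.
  const headers = new Headers(response.headers);
  for (const [name, value] of Object.entries(SECURITY_HEADERS)) {
    if (!headers.has(name)) headers.set(name, value);
  }
  return new Response(response.body, {
    status: response.status,
    statusText: response.statusText,
    headers,
  });
}

// Pass the request through to the origin, then decorate the response.
async function handleRequest(request) {
  return withSecurityHeaders(await fetch(request));
}

// Service Worker syntax entry point; the guard lets the file load outside Workers.
if (typeof addEventListener === 'function') {
  addEventListener('fetch', (event) => event.respondWith(handleRequest(event.request)));
}
```

Start with a restrictive policy on a test route and re-scan with securityheaders.com before applying the Worker to the whole zone.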
