Hi @hellosite, thanks for downloading the Headers Security Advanced & HSTS WP plugin. I am Andrea and I will help you with the issue you are experiencing.
We have another ticket open with the same issue being experienced by a close audience. I’m asking if you can provide more information about the previous version number and the new one.
With the previous version were you experiencing the error? What actions are you taking with the new version?
I thank you for the feedback and within today we will resolve the issue
Hi Nick @hellosite , we’re trying to recreate this issue to fix it as you’re the second person who write us about this matter. It can be a problem related to the proxy buffer size, we’ve simulated it on an nginx server now and working for a solution. We’ll be back soon
Thread Starter
Nick
(@hellosite)
Hello @unicorn03 and @unicorn07
Thank you for your reply
The hosting server is Litespeed
I’am not sur which version was last 5.0.02 or 5.0.03 but I have not this issue before
I have seen this problem 1 or 2 days after updates. The website suddenly show 502 error. I Use 5.0.04 version now
The first thing that could give this problem is the hosting server. The support service of Namecheap has said that the server works correctly. They have done a test to check it.
Then I was sure that this problem comes from .htacces file
I have disabled all rules and serurity plugins and the website start to work.
I have started to check at first the security plugins, but the 502 show even if I deactivate them
The second thing I have disabled Headers Security Advanced & HSTS WP and 502 error was gone. I could see the website only when I was connected as admin but for guest the website shows 502 errors
That is why I can say that last version of the plugin has an issue
—- For additional information
I use now custom rules that I have added them myself for Security Headers and there is not any problem on the website
i can send you the code to see how I did it but your plugin add little different code in .htacces
I’am not an expert to say which is more correct but the website has 100% security protection with this
I hope you can resolve this problem because I love Headers Security Advanced & HSTS WP
Thank you
Best Regards
Hi @hellosite, this is Andrea and I wanted to update you on the 502 issue you reported 4 hours ago. I ran several tests and finally found the bug that was causing the problem with the directives.
How to fix the problem?
- Uninstall and delete the previous Headers Security Advanced & HSTS WP plugin;
- Install the latest version 5.0.06, update permalinks to be safe, and see if you resolve the 502 issue you were reporting in this topic.
Thank you for opening the topic and especially thank you for taking the time to report the issue you were experiencing.
If you still have problems or have further information, please do not hesitate to contact me. Also for even faster support you can also contact us at the following email: support@tentacleplugins.com
Thread Starter
Nick
(@hellosite)
Hello @unicorn03
Thanks for your reply
The plugin didn’t give 502 error with new update. You have resolved the problem very fast. I appreciate it very much
There is a some issue that I want to show.
Screenshot URL: https://prnt.sc/Aebd6w0zLAUk
What do you think why https://www.serpworx.com/check-security-headers/ does not recognise the security headers rules added by the plugin. I have checked that plugin correctly has added the rules but…
Thanks
Best Regards
Hi @hellosite,
thanks for the feedback and I’m glad your topic was resolved. I have viewed the picture you sent me regarding checking the headers with the Serpworx tool.
Serpworx seems to be prioritizing a standard setting that your provider or perhaps a plugin is using.
I am sending you a photo where it should show you a similar directive that the Headers Security Advanced & HSTS WP plugin is using.
Screenshot Serpworx: https://prnt.sc/qzNZ_rN0XAKs
I confirm to you that the plugin uses the directives (X Content Type Options and Feature Policy). Don’t worry though, I’m here to help you solve the problem with Serpworx. 😀
Are you using any plugins or a setting that is using those two standard directives?
Thread Starter
Nick
(@hellosite)
Hello @unicorn03
Thank you again for your help
Some web hostings like IONOS have an issue with security headers. The Serpworx does not show that the security headers work on the website and only with your plugin it work but sometimes not.
And for additional information I have the issue on all my websites that are hosted on Namecheap (but not on other hosting servers). I have added custom security headers rules for them and suddenly yesterday all the websites had the problem with security headers rules (but they worked fine before)
I have installed your new version of the plugin and they work fine.
Are you sure that there was an issue in the plugin ? because I think that the problem may coming from Namecheap server updates.
What do you think ?
Thanks
Best Regards
Hi @hellosite, thanks for the information you gave me. If you give me some time I can check if Namecheap or IONOS by default used headers like the ones reported yesterday.
Could you tell me what rules you added and what way you used to put the directives?
I ask you if you can do a test with securityheaders.com and show me the result of the check
Yes I can confirm you that on this aspect the plugin uses the header directives, however I will update you soon on this topic.
Thread Starter
Nick
(@hellosite)
Hello @unicorn03
I have updated the plugin to last version on every websites and I have not any issue now
Even the websites on IONOS has not problem with security Headers anymore
This last update of the plugin has resolved all problems
Thank you again
Best Regards
Hi @hellosite, thank you for your final feedback I am glad that you are not experiencing any more problems. If you have any further problems or information please do not hesitate to contact me. 🙂
