Security headers on images, css and js
-
Hi, I’ve installed and activated the plugin and it’s working great for the web pages which are all passing the security headers tests now.
However, it doesn’t seem to be working for any static resources such as JS, CSS and images e.g: https://securityheaders.com/?q=https%3A%2F%2Fwww.westburygr.com%2Fwp-content%2Fuploads%2F2022%2F05%2FTimber-Windows-180×300.jpg&followRedirects=on
I have not changed any of the default settings and I have used the same plugin on other sites on the same server but their static resources are testing fine.
Any help would be greatly appreciated!
Thanks,
-
Hi @goodbanter,
Thank you for your message!
The Content Security Policy (CSP) is a directive applied to the main web page to control which resources (scripts, styles, images, etc.) are allowed to load. It’s normal for static resources like images, CSS, or JS files not to include the CSP header themselves. Instead, they should comply with the CSP defined on the web page.
From the securityheaders.com test, it looks like it’s only checking for CSP headers directly on static resources, which is not typically expected or necessary.
Let me know if you’d like further assistance I am available
- You must be logged in to reply to this topic.
