At serverlevel the headers are already secured. NC is a subdomain that uses those settings. In the .htaccess file I need to change these security setttings every update (and install). The warnings in the settingsscreen are ‘false positives’. By default this part of the .htaccess could be:
<IfModule mod_env.c>
# Add security and privacy related headers
Header setifempty Referrer-Policy "no-referrer"
Header setifempty X-Content-Type-Options "nosniff"
Header setifempty X-Download-Options "noopen"
Header always set X-Frame-Options "SAMEORIGIN"
Header setifempty X-Permitted-Cross-Domain-Policies "none"
Header always set X-Robots-Tag "none"
Header setifempty X-XSS-Protection "1; mode=block"
SetEnv modHeadersAvailable true
And the second file that needs edditing every update is .user.ini. This file is overwritten by the installer. I add:
memory_limit = 512M
Then I get a red warning that the checksum is incorrect and that there are errors in the configuration. This is also a false positive.
Perhaps these ‘update’ issues can be solved.