At serverlevel the headers are already secured. NC is a subdomain that uses those settings. In the .htaccess file I need to change these security setttings every update (and install). The warnings in the settingsscreen are ‘false positives’. By default this part of the .htaccess could be:
<IfModule mod_env.c> # Add security and privacy related headers Header setifempty Referrer-Policy "no-referrer" Header setifempty X-Content-Type-Options "nosniff" Header setifempty X-Download-Options "noopen" Header always set X-Frame-Options "SAMEORIGIN" Header setifempty X-Permitted-Cross-Domain-Policies "none" Header always set X-Robots-Tag "none" Header setifempty X-XSS-Protection "1; mode=block" SetEnv modHeadersAvailable true
And the second file that needs edditing every update is .user.ini. This file is overwritten by the installer. I add:
memory_limit = 512M
Then I get a red warning that the checksum is incorrect and that there are errors in the configuration. This is also a false positive.
Perhaps these ‘update’ issues can be solved.