Really Simple SSL

The Authorization Header is Missing

Since WordPress 5.6 we’ve been getting reports that users get an error message like this:

“The Authorization Header is Missing”.

The problem appears to be that Apache does not automatically send authorization headers. If that happens, the header has to be enabled in the virtual host file. I can’t say for sure that is has anything to do with the WordPress 5.6 update, we only noted that users are reporting it since then.

Please note that this has nothing to do with the Really Simple SSL security headers: it’s a server configuration issue. I’ve come across to solutions for this.

One user reported that enabling FastCGI fixed it.

All I had to do was run PHP 7.1.4 FastCGI to fix it.

Previously I was running the non-FastCGI version.

https://wordpress.org/support/topic/the-authorization-header-is-missing/#post-14418938

Another solution I came across, which I would personally prefer, is to adjust the Apache virtual host config file:

# Get rid of the Site Health message on missing authorization header 

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

If you don't know how to adjust your virtual host file, please contact your hosting company about this. 


Rogier

Rogier

Related articles

Leave a Reply

Join our mailing list - 8 Tips & Tricks in your inbox over the next 8 weeks!

Integrate with Really Simple SSL

Really Simple SSL offers a Free SSL Certificate from Let’s Encrypt. Do you want to integrate with Really Simple SSL as a hosting provider? Let us know!

Choose the answer that most closely resembles your proposed integration. Additional information can be entered below.
After sending the form. The pop-up will close automatically.