W3 Total Cache and Security Headers

Disk: Enhanced mode blocks security headers

If you are using W3 Total Cache in “Disk: Enhanced” mode, setting security headers in Really Simple SSL will not work correctly.

Really Simple SSL sets security headers using PHP and the “Disk: Enhanced” mode in W3 Total Cache completely bypasses PHP and serves static HTML only. This means W3 Total Cache “Disk: Enhanced” mode is incompatible with the security headers functionality in Really Simple SSL.

To use Really Simple SSL’s security headers functionality you will need to switch page caching to “Disk: Basic” mode in W3 Total Cache or disable W3 Total cache and use a different caching plugin. “Disk: Enhanced” mode in W3 Total cache has limited performance benefits over “Disk: Basic” mode. In most cases it will only increase performance by a couple of percent.

To switch W3 Total Cache from “Disk: Enhanced” mode to “Disk: Basic” mode go to the W3 Total Cache settings and find the Basic Settings under General Settings / Page Cache. There you can select “Disk: Basic” from the dropdown menu.

Referrer Policy set to non-recommended value

W3 Total Cache sets the “Referrer Policy” to a non-recommended and insecure value by default. We recommended you disable the “Referrer Policy” setting in W3 Total Cache. You can find this setting under  the Browser Cache / Security Headers section of the W3 Total Cache settings.

Simple and Performant Security.
Easily improve site security with WordPress Hardening, Two-Factor Authentication (2FA), Login Protection, Vulnerability Detection and SSL certificate generation.