Disk: Enhanced mode blocks security headers
If you are using W3 Total Cache in “Disk: Enhanced” mode, setting Security Headers via Really Simple Security will not work correctly.
Really Simple Security sets security headers using PHP, and the “Disk: Enhanced” mode in W3 Total Cache completely bypasses PHP to serve static HTML only. This means W3 Total Cache “Disk: Enhanced” mode is inherently incompatible with the Security Headers functionality in Really Simple SSL.
To use Really Simple Security’s security headers functionality, you will need to switch page caching to “Disk: Basic” mode in W3 Total Cache or disable W3 Total cache and use a different caching plugin. “Disk: Enhanced” mode in W3 Total cache has limited performance benefits over “Disk: Basic” mode. In most cases, it will only increase performance by a couple of percent.
To switch W3 Total Cache from “Disk: Enhanced” mode to “Disk: Basic” mode, go to the W3 Total Cache settings and find the Basic Settings under General Settings / Page Cache. There you can select “Disk: Basic” from the dropdown menu.

Referrer Policy set to non-recommended value
W3 Total Cache sets the “Referrer Policy” to a non-recommended and insecure value by default. We recommended you disable the “Referrer Policy” setting in W3 Total Cache. You can find this setting under the Browser Cache / Security Headers section of the W3 Total Cache settings.
