Disk: Enhanced mode blocks security headers
If you are using W3 Total Cache in “Disk: Enhanced” mode, setting security headers in Really Simple SSL will not work correctly.
Really Simple SSL sets security headers using PHP and the “Disk: Enhanced” mode in W3 Total Cache completely bypasses PHP and serves static HTML only. This means W3 Total Cache “Disk: Enhanced” mode is incompatible with the security headers functionality in Really Simple SSL.
To use Really Simple SSL’s security headers functionality you will need to switch page caching to “Disk: Basic” mode in W3 Total Cache or disable W3 Total cache and use a different caching plugin. “Disk: Enhanced” mode in W3 Total cache has limited performance benefits over “Disk: Basic” mode. In most cases it will only increase performance by a couple of percent.
To switch W3 Total Cache from “Disk: Enhanced” mode to “Disk: Basic” mode go to the W3 Total Cache settings and find the Basic Settings under General Settings / Page Cache. There you can select “Disk: Basic” from the dropdown menu.
Referrer Policy set to non-recommended value
W3 Total Cache sets the “Referrer Policy” to a non-recommended and insecure value by default. We recommended you disable the “Referrer Policy” setting in W3 Total Cache. You can find this setting under the Browser Cache / Security Headers section of the W3 Total Cache settings.