Security headers are directives used by web applications to configure security defenses in web browsers.

Based on these directives, browsers can make it harder to exploit client-side vulnerabilities such as Cross-Site Scripting or Clickjacking.

In some cases, non-standard headers, such as ones set through some security plugins, may be lost during the optimization process if the plugin loads later on and the headers are not present at the beginning.

If you have such a problem, the solution is very simple:

Contact our awesome support team and provide them with the headers that must be included. They can apply them to the optimizations generated by NitroPack and preserve them when the cache is being served for your website.

There have been cases where we have received reports that NitroPack causes duplicate security headers when our optimizations are served.

NitroPack preserves those headers and later restores them, but sometimes, using a security plugin or your hosting provider can duplicate them.

By preserving, we store essential headers in the cache file itself and later add them as response headers when a request comes to serve this cache file.

For cases such as these, please reach out to your hosting company and ask them to set up headers in a way that, if such headers already exist, to overwrite them and not add another set.

📌 If you need any assistance or have questions, reach out to our support team at [email protected] or via this link: https://support.nitropack.io