_headers files not working

Hi,

I’ve deployed s22-2.netlify.app on netlify, a simple site, and I’ve added a _headers plain text file with basic CSR code:

/*
Content-Security-Policy: default-src ‘self’;

(I have tried a couple of different CSR versions and neither worked.)

It’s in the same folder as the files for the website, which, other than this, runs as expected. The encoding is UTF-8. It feels like the file is simply not being read - but you’ll know better than me.

I’ve checked the site through securityheaders.com, pagespeed insights and the developer tools, all of which indicate an issue: there is no CSR.

I’d really appreciate any help.

Thank you

The file is named _headers.txt which is the reason it isn’t being processed. If you rename it to just _headers (with no .txt file extension) it will work. However, if that doesn’t resolve the issue, please let us know.

Hi,

Thank you for getting back to me. I managed to delete the extension and I think it is working now.

Thanks again,
Peter

thanks for coming back in and sharing your issue was resolved.

1 Like

Hey,

Please could you take a quick look at tester1558.netlify.app ? I believe I’ve got the _headers file as it should be (without extension), but it doesn’t seem to be gathering any data, and when I do the external site checks, they indicate there is no CSR.

It looks the same as s22-2.netlify.app from the other day, which has effective CSR. I note that the s22-2 _headers file is 50b in size, whereas the one on the tester site is 0b.

I’m sorry to be a pain; I’m learning to build websites as I want to run a business in time to come, so I really have to work out where I’m going wrong.

Thank you

Okay, another update, just to say I’ve fixed it, and the detail.

I thought, I wonder if I can download the _headers file that I know works, delete the extension and replace the bad one with the good one in the folder, and finally redeploy. It worked! The tester site has effective CSR.

I don’t know why the other one didn’t; if you’ve any idea why the _headers file, plain text and no extension, might not have worked, please let me know. I’d like to understand this.

Thank you