Continuing the discussion from Nginx WordPress Security headers:
I just today get success to reinstall on Oracle new server and tried to follow Pluto, but no success. Any idea what could be issue?
P.S. - No cache plugins, no CDN, only pure WordPress
Solved. It now working for me neither with disabled HSTS, but if I add headers to existing Hestia HSTS header file, just below the first (only) line, all headers are accepted.