Plugin Author
Carl
(@carlconrad)
Hello,
I just have run the test on your web site but do not see your error message.
Regards,
Carl
Thanks for checking.
When I do it now, this is what I get:
Results for www.berlin-besucht.de
2019-12-26 20:06:20 Etc/UTC
HTTPS by default: Yes
Content Security Policy: Not implemented
Referrer Policy: Referrers leaked
Cookies: 0
Third-party requests: 2 request to 1 unique host
No idea, why it changed.
Do you get something else?
I still like to get this fixed.
-
This reply was modified 6 years, 6 months ago by
Frank Spade.
Plugin Author
Carl
(@carlconrad)
I get the same result. I would be glad to fix it but I first need to reproduce the issue to understand its origin.
Carl
Am I right to expect this plugin to be supposed to fix the Content Security and Referrer Policy?
I set Referrer-Politik to noreferrer and checked:
- XSS Schutz Zwingen
- Content Sniffing Deaktivieren
- Entfernen von PHP-Versionsinformationen aus dem Header
- Entfernen von WordPress-Versionsinformationen aus dem Header
What else do I need to do?
When I look at csp-options, the referred document https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy doesn’t tell me what values to insert on that tab. How do I know?
Plugin Author
Carl
(@carlconrad)
You may check this which goes into the details of the CSP option: https://content-security-policy.com/. Be careful, these options are quite touchy and can block some functions. Use the console to get error messages.
Carl
Do I have to manually edit the .htaccecc file and insert that code:
# HTTP security settings start
Header set Strict-Transport-Security: max-age=2592000; includeSubDomains; preload
Header set Content-Security-Policy ""
Header set X-Frame-Options: DENY
Header set Referrer-Policy: no-referrer
Header set X-XSS-Protection: "1; mode=block"
Header set X-Content-Type-Options: nosniff
# HTTP security settings end
Do I have to add something inside the “”?
-
This reply was modified 6 years, 6 months ago by
Frank Spade.
Plugin Author
Carl
(@carlconrad)
This is only provided in case the headers are being rewritten. This happens with some cache plug-ins.
Well, I managed to block out the site design. … very touchy …
Plugin Author
Carl
(@carlconrad)
Check the console to understand which resource you have blocked out.
Thank you for your patience and help, but which console are you talking about; sorry.
Plugin Author
Carl
(@carlconrad)
In your browser, you generally need to hit the F12 key and select the Console tab. You will get all the error messages.
Ah, some new territory. Thanks, I will explore.
Keep up the good work,
Frank