Content Security Policy – Two-Factor

Hello with these settings, the login page forwards to a 502 Bad Gateway.

Error messages:

ModSecurity: collection_store: Failed to access DBM file “/ var / cache / modsecurity / apache-default_SESSION”: No such file or directory [hostname “domain”] [uri “/wp-admin/options-general.php”] [unique_id “YQPoo3yFWClisVU3eAV6DQAAAAA”]

ModSecurity: collection_store: Failed to access DBM file “/ var / cache / modsecurity / apache-ip”: No such file or directory [hostname “Domain”] [uri “/wp-login.php”] [unique_id “YQPoqOnqiB6myKC8sPU2AwAAAAw”] , referer: https://domain.com/wp-login.php?itsec-hb-token=no2sec3saf1me

Please thank you for support

Content-Security-Policy

Header set Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://seal.godaddy.com/* netdna.bootstrapcdn.com addevent.com seal.godaddy.com s.seekda.com switch.seekda.com ibe.seekda.com static.seekda.com cloud.seekda.com https://maps.googleapis.com https://*.googleapis.com *.google-analytics.com *.google.com https://ajax.googleapis.com; style-src 'self' 'unsafe-inline' https://seal.godaddy.com/* https://netdna.bootstrapcdn.com static.seekda.com cloud.seekda.com *.cloudfront.net *.urlaubambauernhof.at https://fonts.googleapis.com; img-src 'self' https://qr-code.ithemes.com/ res.cloudinary.com static.seekda.com images.seekda.net https://images-eu.ssl-images-amazon.com/ https://ws-eu.amazon-adsystem.com/ https://secure.gravatar.com https://s.w.org https://wordpress.org https://ps.w.org data:; connect-src 'self' *.seekda.com; font-src 'self' netdna.bootstrapcdn.com static.seekda.com https://fonts.gstatic.com data:; media-src 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'self'; frame-src 'self' *.seekda.com https://ws-eu.amazon-adsystem.com/ https://www.google.com; base-uri 'none'"

It would be great if you can integrate the “https headers” directly into your plugin.