Viewing 11 replies - 1 through 11 (of 11 total)
  • Plugin Author Andrea Ferro

    (@unicorn03)

    Hi @c0der, thanks for downloading the Headers Security Advanced & HSTS WP plugin.

    I am here to help you with the issue you are experiencing with the third party service “Adsense by google” and the “Referrer-Policy” headers policy.

    no-referrer-when-downgrade was a default policy among browsers (Chrome, Firefox, Edge, Safari). Now we at Headers Security Advanced & HSTS WP also use a policy that is secure, privacy-enhancing, and useful, so we have updated the Referrer-Policy header to strict-origin-when-cross-origin. With this policy, only the origin is sent in the Referer header of multi-origin requests.

    This prevents the leakage of private data that might be accessible from other parts of the full URL such as the path and query string.

    Update the plugin to version 4.8.98 and I am sure you will no longer experience the issue.

    For further assistance or questions please do not hesitate to contact us.

    • This reply was modified 1 year, 8 months ago by Andrea Ferro.
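
The difference between the two Referrer-Policy values named in the reply above, as an added example that is not part of the thread or the plugin's code. The URLs are constructed, and a "downgrade" is simplified to an https page requesting a non-https target.

```javascript
// Added example (not from the thread). All URLs below are constructed.
// Simplification: "downgrade" is modelled as https -> non-https.
function computeReferer(policy, fromUrl, toUrl) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);
  // Browsers strip the fragment and any credentials before sending Referer.
  from.hash = '';
  from.username = '';
  from.password = '';
  const full = from.href;               // origin + path + query string
  const originOnly = from.origin + '/'; // scheme + host (+ port) only
  const sameOrigin = from.origin === to.origin;
  const downgrade = from.protocol === 'https:' && to.protocol !== 'https:';
  switch (policy) {
    case 'no-referrer-when-downgrade':
      // Full URL goes to every destination unless security is downgraded.
      return downgrade ? null : full;
    case 'strict-origin-when-cross-origin':
      // Full URL only to the same origin; other origins get the origin only.
      if (sameOrigin) return full;
      return downgrade ? null : originOnly;
    default:
      throw new Error('policy not modelled in this example: ' + policy);
  }
}

// Constructed page URL with a sensitive query string.
const PAGE = 'https://shop.example/account/reset?token=abc123#form';
const CASES = [
  ['cross-origin, https', 'https://ads.example/pixel'],
  ['same-origin', 'https://shop.example/cart'],
  ['downgrade to http', 'http://ads.example/pixel'],
];
const POLICIES = ['no-referrer-when-downgrade', 'strict-origin-when-cross-origin'];
for (const [label, target] of CASES) {
  for (const policy of POLICIES) {
    const sent = computeReferer(policy, PAGE, target);
    console.log(label.padEnd(20), policy.padEnd(32), sent);
  }
}
```
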
    Thread Starter elfnon, inc.

    (@c0der)

    The latest version is 4.8.96, no update yet.

    Plugin Author Andrea Ferro

    (@unicorn03)

    Hi @c0der, you should see the plugin update to version 4.8.98 released 30 minutes ago.

    We are not experiencing any version anomalies on WordPress; the version that is now available is 4.8.98.

    Thread Starter elfnon, inc.

    (@c0der)

    Thank you for the help.

    I tested it; nothing changed.

    Plugin Author Andrea Ferro

    (@unicorn03)

    Hi @c0der, I have checked; however, you are not using version 4.8.98. I would ask you to do that to resolve the issue that may occur with the cache.

    Go to section > plugins > uninstall the plugin and then delete the plugin > at this point reinstall the plugin and you should have resolved the caching/hosting side issue.

    From an internal check you are still using (referrer-policy no-referrer-when-downgrade), whereas the latest version no longer uses that directive.

    Best regards

    Thread Starter elfnon, inc.

    (@c0der)

    Hello,

    thank you for the support.

    I have deleted the cache from WP Rocket and Cloudflare, and the same notice is still on the site.

    Can you check, please?

    Plugin Author Andrea Ferro

    (@unicorn03)

    Hi @c0der, please go ahead, I am just here to help you and provide support and the information you need.

    I have done some checking to see what headers are being loaded from your domain. The domain is not using our Headers Security Advanced & HSTS WP plugin guidelines.

    The headers currently visible are being forced by the external Cloudflare service and this is implementing outdated and incorrect directives.

    To resolve this issue, I ask you to take some actions that might explain your issue:

    – A common issue is the WP Rocket plugin, which, when used with other services such as Cloudflare, can cause anomalies with the headers and directives set.

    – Try disabling WP Rocket, clearing the search engine cache and restarting Cloudflare.

    – Once this is done, try checking directly with the link above whether you see the Referrer-Policy directive with the value strict-origin-when-cross-origin.

    As a last thing, you could disable the Cloudflare headers, but remember: only the headers.

    See security headers report

    Thread Starter elfnon, inc.

    (@c0der)

    Hello,

    thank you.

    I disabled WP Rocket and the other plugin “Asset CleanUp Pro: Page Speed Booster”,

    cleared the Firefox cache,

    and I deleted the Cloudflare cache.

    Nothing changed in Firefox.

    About the Cloudflare headers, can you show where this setting is, or its name?

    I'm using the Cloudflare free plan.

    Thread Starter elfnon, inc.

    (@c0der)

    I forgot, I'm using the plugin “iThemes Security Pro”,

    but there is nothing in its settings for headers.

    Plugin Author Andrea Ferro

    (@unicorn03)

    Hi @c0der, I verified your site with the same link provided in the previous message.

    I now see grade A+ and see that you are using the correct headers.

    The referrer-policy value has become strict-origin-when-cross-origin.

    I also checked your website and verified a few things, and you can see that in the DOM console the Referrer-Policy error is no longer presented.

    Thread Starter elfnon, inc.

    (@c0der)

    Thank you for the help.

    Now I only see

    ```
    Content Security Policy: Ignoring “’unsafe-inline’” within script-src: ‘strict-dynamic’ specified
    Content Security Policy: Ignoring “https:” within script-src: ‘strict-dynamic’ specified
    Content Security Policy: Ignoring “http:” within script-src: ‘strict-dynamic’ specified
    Content Security Policy: Ignoring “’unsafe-inline’” within script-src: ‘strict-dynamic’ specified
    Content Security Policy: Ignoring “https:” within script-src: ‘strict-dynamic’ specified
    Content Security Policy: Ignoring “http:” within script-src: ‘strict-dynamic’ specified
    Content Security Policy: Ignoring “’unsafe-inline’” within script-src: ‘strict-dynamic’ specified
    Content Security Policy: Ignoring “https:” within script-src: ‘strict-dynamic’ specified
    Content Security Policy: Ignoring “http:” within script-src: ‘strict-dynamic’ specified
    ```

    Is that normal?
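
The console messages in the last post correspond to a rule in CSP Level 3: when script-src contains 'strict-dynamic', browsers ignore scheme sources, host sources, 'self' and 'unsafe-inline' in that directive. The following added example (not part of the thread or the plugin's code) applies that rule to a policy string; the sample policy is constructed to match the warnings, since the site's real header is not shown on the page.

```javascript
// Added example (not from the thread). Models only the 'strict-dynamic' rule.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored; the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

function analyzeScriptSrc(header) {
  const d = parseCsp(header);
  // script-src falls back to default-src when absent.
  const sources = d.get('script-src') || d.get('default-src') || [];
  const isQuoted = (s) => /^'.*'$/.test(s); // keywords, nonces and hashes
  const isNonceOrHash = (s) => /^'(nonce-|sha(256|384|512)-)/i.test(s);
  const strictDynamic = sources.some((s) => s.toLowerCase() === "'strict-dynamic'");
  const ignored = [];
  const effective = [];
  for (const s of sources) {
    const l = s.toLowerCase();
    // Unquoted tokens are scheme sources (https:) or host sources.
    const dropped = strictDynamic &&
      (!isQuoted(s) || l === "'self'" || l === "'unsafe-inline'");
    (dropped ? ignored : effective).push(s);
  }
  return {
    strictDynamic,
    ignored,
    effective,
    // With 'strict-dynamic' and no nonce or hash, no script is trusted at all.
    hasNonceOrHash: sources.some(isNonceOrHash),
  };
}

// Constructed policy; the nonce value is a placeholder.
const SAMPLE_POLICY =
  "object-src 'none'; script-src 'nonce-EXAMPLE' 'strict-dynamic' 'unsafe-inline' https: http:";

const report = analyzeScriptSrc(SAMPLE_POLICY);
console.log('ignored by the browser:', report.ignored.join(' '));
console.log('still enforced:        ', report.effective.join(' '));
```

In a policy of this shape, the ignored entries act as fallbacks for browsers that do not implement 'strict-dynamic'.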

  • The topic ‘AdSense’ is closed to new replies.