Support » Plugin: WP Content Security Plugin » Nothing seems to work, what could be happening?

  • I like the plugin. It works fine on other sites.
    One one site it does not put anything in the headers. Not even SAMEORIGIN. Using SOPHOS testing shows only the Strict Transport Security that I have activated for all sites in the httpd of Apache.
    I checked settings and the are the same as sites that work.
    There is a WPML multilanguage plugin active. Could that have this effect?
    There are no errors when WP in debug mode.

    An other plugin (secure headers) works. But since this plugin has no content options, I prefer the WP Content Security Plugin.

Viewing 4 replies - 1 through 4 (of 4 total)
  • I installed this on two sites and https://observatory.mozilla.org is indicating that neither site has the headers.

    After installing this plugin, you need to configure it. An installation and activation only does not set any headers.

    If you did configure it, you should give us a lot more information to help you. In your post there is not any relevant information to assist you. 🙂

    Hello,

    I am wondering if you can assist?

    I have this installed and configured on 2 sites.

    On the first site, it works perfectly.

    On the second site, it is like the plugin is not active.

    In your FAQ you have:

    “If nothing is in the console output then check the page has a CSP header by looking at the page in the ‘network’ tab of the dev tools. Check the ‘response’ has a header called ‘content-security-policy’ or ‘content-security-policy-report-only’ – if this is misisng then the plugin is not running or CSP is not enabled.”

    –> Can you advise where the ‘response’ is, in this output? Is this the column ‘name’ under ‘Network’ that you are referring to?

    I can’t see ‘content-security-policy’ for either the domain that is working, or the one that isn’t.

    Is there an email address that I can provide you with further information to help me resolve this?

    Kind regards,

    Anthony

    Hello!

    Are the two websites at the same hoster with the same server configuration?

    You can check you CSP e.g. at
    https://observatory.mozilla.org
    https://webbkoll.dataskydd.net

    With Chrome you can look in your developer tab under “Network” and click “Disable cache”. Then relaod the website e.g. by clicking F5. Then select your domain on the left site under “Name” and on the right site under “Headers” you should see “content security policy” if it is enabled.

    Best regards,
    Heiko

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Nothing seems to work, what could be happening?’ is closed to new replies.