Hmmm, I don’t understand. I can see the CSP listed in the head of the source, or is it something else that’s missing? It also effectively blocks resources that don’t have their domains listed in the plugin settings, so it seems to be working for me.
I can set up a staging site at some point, but I’m very busy and don’t have much time to to work on the website at the moment. Is there anything else you would suggest, or should I contact you again once the staging site is active?
Thank you again,
Ryan
I really don’t get it either unfortunately.
I found the following in the site’s .htaccess file. Could it be causing any problems?
<ifModule mod_headers.c>
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS
Header set X-XSS-Protection "1; mode=block"
Header set X-Content-Type-Options nosniff
Header set X-Frame-Options SAMEORIGIN
Header set Referrer-Policy: no-referrer-when-downgrade
Header always set Permissions-Policy "geolocation=(self); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);"
</ifModule>
-
This reply was modified 1 year, 7 months ago by rkingisl.
I actually have no idea. But you can temporarily remove them and see if it makes any difference.