Viewing 11 replies - 1 through 11 (of 11 total)
  • Plugin Author Andrea Ferro

    (@unicorn03)

    Hi @c0der, thanks for downloading the Headers Security Advanced & HSTS WP plugin.

    I am here to help you with the issue you are experiencing with the third party service “Adsense by google” and the “Referrer-Policy” headers policy.

    no-referrer-when-downgrade was a default policy among browsers (Chrome, Firefox, Edge, Safari). Now we at Headers Security Advanced & HSTS WP also use a policy that is secure, privacy-enhancing, and useful
    so we have updated the Referrer-Policy header to strict-origin-when-cross-origin. With this policy, only the origin is sent in the Referer header of multi-origin requests.

    This prevents the leakage of private data that might be accessible from other parts of the full URL such as the path and query string.

    Update the plugin to version 4.8.98 and I am sure you will no longer experience the issue.

    For further assistance or questions please do not hesitate to contact us.`

    • This reply was modified 2 years, 4 months ago by Andrea Ferro.
    Thread Starter elfnon, inc.

    (@c0der)

    the last version is 4.8.96 no update yet

    Plugin Author Andrea Ferro

    (@unicorn03)

    Hi @c0der, you should see the plugin update to version 4.8.98 released 30 minutes ago.

    We are not experiencing any version anomalies on WordPress the version that is now available is 4.8.98

    Thread Starter elfnon, inc.

    (@c0der)

    thank you for help

    i test it nothing change

    View post on imgur.com

    Plugin Author Andrea Ferro

    (@unicorn03)

    Hi @c0der, I have checked however you are not using version 4.8.98, I would ask you to do that to resolve the issue that may occur with the cache.

    Go to section > plugins > uninstall the plugin and then delete the plugin > at this point reinstall the plugin and you should have resolved the caching/hosting side issue.

    From an internal check you are still using (referrer-policy no-referrer-when-downgrade) which instead the latest version no longer uses that directive.

    Best regards

    Thread Starter elfnon, inc.

    (@c0der)

    hello

    thank you for support

    i have delete cache from wp rocket and cloudflare and same notice still in site

    can you check please

    Plugin Author Andrea Ferro

    (@unicorn03)

    Hi @c0der, please go ahead I am just here to help you and provide support and the information you need.

    I have done some checking to see what headers are being loaded from your domain. The domain is not using our Headers Security Advanced & HSTS WP plugin guidelines.

    The headers currently visible are being forced by the external Cloudflare service and this is implementing outdated and incorrect directives.

    To resolve this issue, I ask you to take some actions that might explain your issue:

    – a common issue is the WP Rocket plugin that when used with other services such as Cloudflare can cause anomalies with the headers and directives set.

    –try disabling WP rocket, clearing the search engine cache and restart cloudflare.

    – once this is done try checking directly with the link above if you see the Referrer policy directive with the following value to strict-origin-when-cross-origin`

    As a last thing you could disable cloudflare headers but remember only the headers

    Vedi report security headers

    Thread Starter elfnon, inc.

    (@c0der)

    hello

    thank you

    i disable wp rocket and other plugin “Asset CleanUp Pro: Page Speed Booster”

    clear firefox cache

    and i delete cloudflare cache

    nothing change in firefox

    View post on imgur.com

    about cloudflare headers can you show where this setting or name

    im use cloudflare free plan

    Thread Starter elfnon, inc.

    (@c0der)

    i forget im using plugin “iThemes Security Pro”

    but nothing in settings for header

    Plugin Author Andrea Ferro

    (@unicorn03)

    Hi @c0der, I verified your site with the same link provided in the previous message.

    I now see in grade A+ and see that you are using the correct headers.

    The referrer-policy value has become strict-origin-when-cross-origin.

    I also checked your website and verified a few things and you see that in the DOM console the error is no longer presented Referrer-policy

    Thread Starter elfnon, inc.

    (@c0der)

    thank you for help

    now i only see

    “`Content Security Policy: Ignoring “’unsafe-inline’” within script-src: ‘strict-dynamic’ specified
    Content Security Policy: Ignoring “https:” within script-src: ‘strict-dynamic’ specified
    Content Security Policy: Ignoring “http:” within script-src: ‘strict-dynamic’ specified
    Content Security Policy: Ignoring “’unsafe-inline’” within script-src: ‘strict-dynamic’ specified
    Content Security Policy: Ignoring “https:” within script-src: ‘strict-dynamic’ specified
    Content Security Policy: Ignoring “http:” within script-src: ‘strict-dynamic’ specified
    Content Security Policy: Ignoring “’unsafe-inline’” within script-src: ‘strict-dynamic’ specified
    Content Security Policy: Ignoring “https:” within script-src: ‘strict-dynamic’ specified
    Content Security Policy: Ignoring “http:” within script-src: ‘strict-dynamic’ specified`”

    is that normal?

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘AdSense’ is closed to new replies.