Content-Security-Policy (CSP) & X-Frame-Options blocks login
In my .htaccess I configured:
# Content-Security-Policy – Example 3
<IfModule mod_headers.c>
Header set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
Header set Content-Security-Policy "default-src 'self';base-uri 'self'; style-src 'self' ; object-src 'self' ; child-src 'self'; script-src 'self' ; object-src 'self' ; img-src 'self' https://s.w.org https://www.ads-software.com"
#default-src 'none'; frame-ancestors; form-action 'self' ;
Header set X-XSS-Protection "1; mode=block"
Header set X-Content-Type-Options "nosniff"
Header set X-Frame-Options "sameorigin"
Header set Referrer-Policy 'no-referrer'
</IfModule>

A scan on https://webbkoll.dataskydd.net/de/ reports perfect security settings for my WordPress setup on a hosted system.
But when running the Piwik login on my site, it reports as if I am using a PROXY HEADER.
Also, the iframe for OPT-OUT reports both states (already opted out, and asking you to opt out, both in two languages).

As my website is working fine, and also my Nextcloud installation, what is wrong in the above settings for Piwik (Matomo)?
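
The following is an added example, not part of the original post: a small parser that takes the Content-Security-Policy value from the .htaccess above and reports which directive governs framed content, whether inline scripts and styles are permitted, and which directives are repeated or absent. The function names are made up for illustration, and the fallback table covers only the directives relevant here.

```python
# Policy value copied from the post above, with typographic quotes replaced by ASCII quotes.
POLICY = (
    "default-src 'self';base-uri 'self'; style-src 'self' ; object-src 'self' ; "
    "child-src 'self'; script-src 'self' ; object-src 'self' ; "
    "img-src 'self' https://s.w.org https://www.ads-software.com")

# Fetch-directive fallback chains from the CSP specification (subset used here).
FALLBACK = {"frame-src": ["child-src", "default-src"], "script-src": ["default-src"],
            "style-src": ["default-src"], "img-src": ["default-src"]}
# Source expressions that can permit inline <script>/<style> content.
INLINE_OK = ("'unsafe-inline'", "'nonce-", "'sha256-", "'sha384-", "'sha512-")

def parse_csp(policy):
    """Return (directives, duplicates). The first occurrence of a directive wins."""
    directives, duplicates = {}, []
    for part in policy.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        name = tokens[0].lower()
        if name in directives:
            duplicates.append(name)  # repeated directives are ignored by browsers
            continue
        directives[name] = tokens[1:]
    return directives, duplicates

def effective_sources(directives, name):
    """Resolve which directive governs `name`, following the fallback chain."""
    for candidate in [name] + FALLBACK.get(name, []):
        if candidate in directives:
            return candidate, directives[candidate]
    return None, None  # nothing applies: this resource type is unrestricted

def allows_inline(directives, name):
    """True if the governing source list can permit inline content at all."""
    _, sources = effective_sources(directives, name)
    if sources is None:
        return True
    return any(s.lower().startswith(INLINE_OK) for s in sources)

def report(policy):
    d, dups = parse_csp(policy)
    return {"duplicates": dups,
            "frame-src governed by": effective_sources(d, "frame-src")[0],
            "inline script allowed": allows_inline(d, "script-src"),
            "inline style allowed": allows_inline(d, "style-src"),
            "frame-ancestors set": "frame-ancestors" in d,
            "form-action set": "form-action" in d}

if __name__ == "__main__":
    for key, value in report(POLICY).items():
        print(f"{key}: {value}")
```

Comparing this report with the CSP violation messages in the browser's developer console on the affected page shows which directive, if any, is blocking a given resource.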