• Happy holidays!
    I tried different plugins and finally used this to set security headers.
    It successfully stops referrers from leaking, but webbkoll.dataskydd.net now reports “Invalid header”. I can’t see where that comes from.
    Can somebody please tell me how to fix that?
    Have a happy New Year!
    Frank


Viewing 13 replies - 1 through 13 (of 13 total)
  • Plugin Author Carl

    (@carlconrad)

    Hello,
    I have just run the test on your web site but do not see your error message.
    Regards,
    Carl

    Thread Starter Frank Spade

    (@spade)

    Thanks for checking.

    When I do it now, this is what I get:

    Results for www.berlin-besucht.de
    2019-12-26 20:06:20 Etc/UTC
    HTTPS by default:  Yes
    Content Security Policy:  Not implemented
    Referrer Policy:  Referrers leaked
    Cookies: 0
    Third-party requests: 2 request to 1 unique host

    No idea why it changed.

    Do you get something else?

    I would still like to get this fixed.

    Plugin Author Carl

    (@carlconrad)

    I get the same result. I would be glad to fix it but I first need to reproduce the issue to understand its origin.

    Carl

    Thread Starter Frank Spade

    (@spade)

    Am I right to expect that this plugin is supposed to fix the Content Security and Referrer Policy?

    I set Referrer Policy to noreferrer and checked:

    • Force XSS protection
    • Disable content sniffing
    • Remove PHP version information from the header
    • Remove WordPress version information from the header

    What else do I need to do?

    Thread Starter Frank Spade

    (@spade)

    When I look at csp-options, the referred document https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy doesn’t tell me what values to insert on that tab. How do I know?

    Plugin Author Carl

    (@carlconrad)

    You may check this, which goes into the details of the CSP option: https://content-security-policy.com/. Be careful, these options are quite touchy and can block some functions. Use the console to get error messages.

    Carl

    Thread Starter Frank Spade

    (@spade)

    Do I have to manually edit the .htaccess file and insert that code:

    # HTTP security settings start
    
    # A value containing spaces must be quoted, or mod_headers rejects the line
    Header set Strict-Transport-Security: "max-age=2592000; includeSubDomains; preload"
    Header set Content-Security-Policy ""
    Header set X-Frame-Options: DENY
    Header set Referrer-Policy: no-referrer
    Header set X-XSS-Protection: "1; mode=block"
    Header set X-Content-Type-Options: nosniff
    
    # HTTP security settings end

    Do I have to add something inside the “”?

    Plugin Author Carl

    (@carlconrad)

    This is only provided in case the headers are being rewritten. This happens with some cache plug-ins.

    Thread Starter Frank Spade

    (@spade)

    Well, I managed to block out the site design. … very touchy …

    Plugin Author Carl

    (@carlconrad)

    Check the console to understand which resource you have blocked out.

    Thread Starter Frank Spade

    (@spade)

    Thank you for your patience and help, but which console are you talking about? Sorry.

    Plugin Author Carl

    (@carlconrad)

    In your browser, you generally need to hit the F12 key and select the Console tab. You will get all the error messages.

    Thread Starter Frank Spade

    (@spade)

    Ah, some new territory. Thanks, I will explore.

    Keep up the good work,

    Frank

  • The topic ‘webbkoll.dataskydd.net reports Invalid header’ is closed to new replies.
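
An added example, not part of the thread or of the plugin: a small offline checker for the response headers discussed above. It flags a Referrer-Policy value that contains no token browsers recognise, a Content-Security-Policy header sent without directives, and a Strict-Transport-Security header without max-age. The function names and the sample responses are constructed for illustration, and the checks are not Webbkoll's own logic.

```python
import re

# Policy tokens defined by the W3C Referrer Policy specification.
REFERRER_POLICIES = {
    "no-referrer", "no-referrer-when-downgrade", "origin",
    "origin-when-cross-origin", "same-origin", "strict-origin",
    "strict-origin-when-cross-origin", "unsafe-url",
}

def parse_headers(raw):
    """Parse 'Name: value' lines into a dict keyed by lower-cased name."""
    headers = {}
    for line in raw.strip().splitlines():
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def audit(raw):
    """Return {header: finding} for the headers discussed in the thread."""
    h, out = parse_headers(raw), {}
    # Browsers ignore unknown tokens and apply the last one they recognise.
    rp = h.get("referrer-policy")
    if rp is None:
        out["referrer-policy"] = "missing"
    else:
        tokens = [t.strip().lower() for t in rp.split(",")]
        known = [t for t in tokens if t in REFERRER_POLICIES]
        out["referrer-policy"] = known[-1] if known else "invalid value: " + rp
    # A CSP header without directives is sent but restricts nothing.
    csp = h.get("content-security-policy")
    out["content-security-policy"] = (
        "missing" if csp is None else "set" if csp.strip() else "empty")
    # HSTS is only honoured when it carries a max-age directive (seconds).
    m = re.search(r"max-age\s*=\s*(\d+)", h.get("strict-transport-security", ""), re.I)
    out["strict-transport-security"] = f"max-age={m.group(1)}" if m else "missing or invalid"
    # The only defined value for this header is 'nosniff'.
    xcto = h.get("x-content-type-options", "").lower()
    out["x-content-type-options"] = "ok" if xcto == "nosniff" else "missing or invalid"
    return out

# Constructed sample responses, not captured from the site in the thread.
BROKEN = """Referrer-Policy: noreferrer
Content-Security-Policy:
Strict-Transport-Security: max-age=2592000; includeSubDomains; preload
X-Content-Type-Options: nosniff"""
FIXED = BROKEN.replace("noreferrer", "no-referrer").replace(
    "Content-Security-Policy:", "Content-Security-Policy: default-src 'self'")

if __name__ == "__main__":
    print(audit(BROKEN), audit(FIXED), sep="\n")
```

To check a live site, paste the response headers shown in the browser's network tab (or the output of `curl -sI`) into `audit()`.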