Good morning
I installed the plugin on my main site. EDD seems to work. However, I have errors:
Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
Error with Permissions-Policy header: Unrecognized feature: 'ch-ua-form-factor'.
GET https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2215653763757796445031%22,%22debug_reporting%22:true,%22destination%22:%22https://etsglobal. org%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22961899722%22],%224%22:[%2207 -09%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2213135409733739308865%22}&andc=true net::ERR_CONNECTION_CLOSED
The second problem is with HSTS:
Status: xxx.fr is not preloaded.
Eligibility: In order for xxx.fr to be eligible for preloading, the errors below must be resolved:
I had this snippet and it's OK
// Send the HSTS header (2-year max-age) from PHP via WordPress's send_headers hook.
function add_security_headers() {
    header('Strict-Transport-Security: max-age=63072000; includeSubdomains; preload');
}
add_action('send_headers', 'add_security_headers');
The Permissions-Policy does not work.
I think these problems can be explained by maybe wp-supercache and also the functioning of my host:
The headers defined in a .htaccess file are only valid for non-PHP content (therefore static).
We use php-fpm, which receives the different headers via Apache fast_cgi. In the cgi_www RFC, the "Strict-Transport-Security" header is not part of the headers passed via CGI, and the Apache doc httpd.apache.org/docs/2.2/howto/cgi.html confirms it. Read also https://www.ietf.org/rfc/rfc3875
Thank you for this very good plugin. Maybe you will have some solutions.
Thanks
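An added example, not part of the original post or the plugin: a small checker that takes the header pairs of one HTTPS response and lists what would block HSTS preloading, so a PHP-generated page and a static file can be compared. The function names and sample responses are constructed for illustration, and the one-year `max-age` minimum is taken as an assumption from the hstspreload.org submission requirements.

```python
PRELOAD_MIN_MAX_AGE = 31536000  # assumption: one-year minimum from hstspreload.org

def parse_hsts(value):
    """Split an HSTS value into {directive: argument or None}; names are case-insensitive."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if not name:
            continue
        if name in directives:
            raise ValueError("duplicate directive: " + name)
        directives[name] = arg.strip().strip('"') or None
    return directives

def preload_problems(headers):
    """headers: (name, value) pairs from one HTTPS response. Returns a list of problems."""
    values = [v for n, v in headers if n.lower() == "strict-transport-security"]
    if not values:
        return ["no Strict-Transport-Security header"]
    problems = []
    if len(values) > 1:
        # RFC 6797: a browser processes only the first HSTS header field.
        problems.append("header sent %d times" % len(values))
    try:
        d = parse_hsts(values[0])
    except ValueError as exc:
        return problems + [str(exc)]
    max_age = d.get("max-age") or ""
    if not (max_age.isascii() and max_age.isdigit()):
        problems.append("max-age missing or not a number")
    elif int(max_age) < PRELOAD_MIN_MAX_AGE:
        problems.append("max-age below %d" % PRELOAD_MIN_MAX_AGE)
    for required in ("includesubdomains", "preload"):
        if required not in d:
            problems.append("missing " + required)
    return problems

# Constructed sample responses (not captured from the poster's site).
SNIPPET_VALUE = "max-age=63072000; includeSubdomains; preload"
php_page = [("Content-Type", "text/html"), ("Strict-Transport-Security", SNIPPET_VALUE)]
static_css = [("Content-Type", "text/css")]
both_layers = php_page + [("Strict-Transport-Security", "max-age=300")]

if __name__ == "__main__":
    for label, resp in [("php", php_page), ("static", static_css), ("both", both_layers)]:
        print(label, preload_problems(resp) or "ok")
```

The `both_layers` case models a header set once by the server configuration and once by PHP, which is worth ruling out when headers are added in more than one place.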